US20090217039A1 - System, Method and Apparatus for Authenticating Calls - Google Patents

System, Method and Apparatus for Authenticating Calls Download PDF

Info

Publication number
US20090217039A1
US20090217039A1 US12/366,630 US36663009A US2009217039A1 US 20090217039 A1 US20090217039 A1 US 20090217039A1 US 36663009 A US36663009 A US 36663009A US 2009217039 A1 US2009217039 A1 US 2009217039A1
Authority
US
United States
Prior art keywords
calling device
call
user
called
calling
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
US12/366,630
Other versions
US9197746B2 (en
Inventor
Srikrishna Kurapati
Rajesh Mohan
Karthikeyan Sadhasivam
Satyam Tyagi
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Arlington Technologies LLC
Avaya Management LP
Original Assignee
Sipera Systems Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Sipera Systems Inc filed Critical Sipera Systems Inc
Priority to US12/366,630 priority Critical patent/US9197746B2/en
Assigned to SIPERA SYSTEMS, INC. reassignment SIPERA SYSTEMS, INC. ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: MOHAN, RAJESH, KURAPATI, SRIKRISHNA, SADHASIVAM, KARTHIKEYAN, TYAGI, SATYAM
Publication of US20090217039A1 publication Critical patent/US20090217039A1/en
Assigned to COMERICA BANK reassignment COMERICA BANK SECURITY AGREEMENT Assignors: SIPERA SYSTEMS, INC.
Assigned to SILICON VALLEY BANK reassignment SILICON VALLEY BANK SECURITY AGREEMENT Assignors: SIPERA SYSTEMS, INC.
Assigned to SIPERA SYSTEMS, INC. reassignment SIPERA SYSTEMS, INC. RELEASE BY SECURED PARTY (SEE DOCUMENT FOR DETAILS). Assignors: COMERICA BANK
Assigned to SIPERA SYSTEMS, INC. reassignment SIPERA SYSTEMS, INC. RELEASE Assignors: SILICON VALLEY BANK
Assigned to AVAYA INC. reassignment AVAYA INC. MERGER (SEE DOCUMENT FOR DETAILS). Assignors: SIPERA SYSTEMS, INC.
Priority to US14/594,973 priority patent/US9961197B2/en
Publication of US9197746B2 publication Critical patent/US9197746B2/en
Application granted granted Critical
Assigned to CITIBANK, N.A., AS ADMINISTRATIVE AGENT reassignment CITIBANK, N.A., AS ADMINISTRATIVE AGENT SECURITY INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: AVAYA INC., AVAYA INTEGRATED CABINET SOLUTIONS INC., OCTEL COMMUNICATIONS CORPORATION, VPNET TECHNOLOGIES, INC.
Assigned to OCTEL COMMUNICATIONS LLC (FORMERLY KNOWN AS OCTEL COMMUNICATIONS CORPORATION), AVAYA INC., VPNET TECHNOLOGIES, INC., AVAYA INTEGRATED CABINET SOLUTIONS INC. reassignment OCTEL COMMUNICATIONS LLC (FORMERLY KNOWN AS OCTEL COMMUNICATIONS CORPORATION) BANKRUPTCY COURT ORDER RELEASING ALL LIENS INCLUDING THE SECURITY INTEREST RECORDED AT REEL/FRAME 041576/0001 Assignors: CITIBANK, N.A.
Assigned to GOLDMAN SACHS BANK USA, AS COLLATERAL AGENT reassignment GOLDMAN SACHS BANK USA, AS COLLATERAL AGENT SECURITY INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: AVAYA INC., AVAYA INTEGRATED CABINET SOLUTIONS LLC, OCTEL COMMUNICATIONS LLC, VPNET TECHNOLOGIES, INC., ZANG, INC.
Assigned to CITIBANK, N.A., AS COLLATERAL AGENT reassignment CITIBANK, N.A., AS COLLATERAL AGENT SECURITY INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: AVAYA INC., AVAYA INTEGRATED CABINET SOLUTIONS LLC, OCTEL COMMUNICATIONS LLC, VPNET TECHNOLOGIES, INC., ZANG, INC.
Assigned to WILMINGTON TRUST, NATIONAL ASSOCIATION reassignment WILMINGTON TRUST, NATIONAL ASSOCIATION SECURITY INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: AVAYA INC., AVAYA INTEGRATED CABINET SOLUTIONS LLC, AVAYA MANAGEMENT L.P., INTELLISIST, INC.
Assigned to WILMINGTON TRUST, NATIONAL ASSOCIATION, AS COLLATERAL AGENT reassignment WILMINGTON TRUST, NATIONAL ASSOCIATION, AS COLLATERAL AGENT INTELLECTUAL PROPERTY SECURITY AGREEMENT Assignors: AVAYA CABINET SOLUTIONS LLC, AVAYA INC., AVAYA MANAGEMENT L.P., INTELLISIST, INC.
Assigned to AVAYA INTEGRATED CABINET SOLUTIONS LLC, AVAYA MANAGEMENT L.P., AVAYA HOLDINGS CORP., AVAYA INC. reassignment AVAYA INTEGRATED CABINET SOLUTIONS LLC RELEASE OF SECURITY INTEREST IN PATENTS AT REEL 45124/FRAME 0026 Assignors: CITIBANK, N.A., AS COLLATERAL AGENT
Assigned to WILMINGTON SAVINGS FUND SOCIETY, FSB [COLLATERAL AGENT] reassignment WILMINGTON SAVINGS FUND SOCIETY, FSB [COLLATERAL AGENT] INTELLECTUAL PROPERTY SECURITY AGREEMENT Assignors: AVAYA INC., AVAYA MANAGEMENT L.P., INTELLISIST, INC., KNOAHSOFT INC.
Assigned to CITIBANK, N.A., AS COLLATERAL AGENT reassignment CITIBANK, N.A., AS COLLATERAL AGENT INTELLECTUAL PROPERTY SECURITY AGREEMENT Assignors: AVAYA INC., AVAYA MANAGEMENT L.P., INTELLISIST, INC.
Assigned to INTELLISIST, INC., AVAYA INTEGRATED CABINET SOLUTIONS LLC, AVAYA INC., AVAYA MANAGEMENT L.P. reassignment INTELLISIST, INC. RELEASE OF SECURITY INTEREST IN PATENTS (REEL/FRAME 61087/0386) Assignors: WILMINGTON TRUST, NATIONAL ASSOCIATION, AS NOTES COLLATERAL AGENT
Assigned to INTELLISIST, INC., AVAYA INC., AVAYA MANAGEMENT L.P., AVAYA INTEGRATED CABINET SOLUTIONS LLC reassignment INTELLISIST, INC. RELEASE OF SECURITY INTEREST IN PATENTS (REEL/FRAME 53955/0436) Assignors: WILMINGTON TRUST, NATIONAL ASSOCIATION, AS NOTES COLLATERAL AGENT
Assigned to VPNET TECHNOLOGIES, INC., ZANG, INC. (FORMER NAME OF AVAYA CLOUD INC.), AVAYA INC., OCTEL COMMUNICATIONS LLC, HYPERQUALITY II, LLC, INTELLISIST, INC., HYPERQUALITY, INC., AVAYA INTEGRATED CABINET SOLUTIONS LLC, AVAYA MANAGEMENT L.P., CAAS TECHNOLOGIES, LLC reassignment VPNET TECHNOLOGIES, INC. RELEASE OF SECURITY INTEREST IN PATENTS (REEL/FRAME 045034/0001) Assignors: GOLDMAN SACHS BANK USA., AS COLLATERAL AGENT
Assigned to AVAYA LLC reassignment AVAYA LLC (SECURITY INTEREST) GRANTOR'S NAME CHANGE Assignors: AVAYA INC.
Assigned to AVAYA LLC, AVAYA MANAGEMENT L.P. reassignment AVAYA LLC INTELLECTUAL PROPERTY RELEASE AND REASSIGNMENT Assignors: CITIBANK, N.A.
Assigned to AVAYA LLC, AVAYA MANAGEMENT L.P. reassignment AVAYA LLC INTELLECTUAL PROPERTY RELEASE AND REASSIGNMENT Assignors: WILMINGTON SAVINGS FUND SOCIETY, FSB
Assigned to ARLINGTON TECHNOLOGIES, LLC reassignment ARLINGTON TECHNOLOGIES, LLC ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: AVAYA LLC
Expired - Fee Related legal-status Critical Current
Adjusted expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M3/00Automatic or semi-automatic exchanges
    • H04M3/42Systems providing special services or facilities to subscribers
    • H04M3/436Arrangements for screening incoming calls, i.e. evaluating the characteristics of a call before deciding whether to answer it
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • H04L63/126Applying verification of the received information the source of the received data
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/1483Countermeasures against malicious traffic service impersonation, e.g. phishing, pharming or web spoofing
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3215Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a plurality of channels
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3231Biological data, e.g. fingerprint, voice or retina
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3271Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
    • H04L9/3273Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response for mutual authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/56Financial cryptography, e.g. electronic payment or e-cash
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M2203/00Aspects of automatic or semi-automatic exchanges
    • H04M2203/60Aspects of automatic or semi-automatic exchanges related to security aspects in telephonic communication systems
    • H04M2203/6054Biometric subscriber identification

Definitions

  • the present invention relates generally to the field of communications and, more particularly, to a system, method and apparatus for authenticating calls.
  • Caller identification is one of the most trusted ways of identifying who is calling and is commonly used to effectively filtering incoming calls.
  • Telecommunication networks are designed in such a way that the Caller ID is usually delivered to the called device by the telecommunication operators. With a traditional phone system, it is hard to spoof Caller ID. But with the advent of IP Telephony, a caller can easily spoof Caller ID using techniques and tools freely available on the Internet. More importantly, the caller can be anywhere in the world where Internet Protocol (IP) connectivity is available to perform these operations.
  • IP Internet Protocol
  • the present invention provides a system, method and apparatus for authenticating calls that is a robust Anti-vishing solution.
  • the present invention can identify Caller ID spoofing, verify dialed number to detect man-in-the middle and verify called party against dialed digits to detect impersonation. This solution can handle calls coming from any phone any where with little impact on user experience. Two separate solutions are tailored for smart phones (communication devices capable of running application software) and traditional phones to reduce the impact to user experience while providing robust verification.
  • the present invention provides a method for authenticating a calling device in response to receiving a call from the calling device.
  • a first authentication request is sent to the calling device.
  • a first authentication response is received from the calling device, wherein the first authentication response includes a calling device encrypted data generated by the calling device using a caller identification, a called number and a shared secret encryption key.
  • the caller identification and the called number are extracted from the encrypted data using the shared secret encryption key.
  • the call is transferred to a called device whenever the extracted caller identification and the extracted called number are valid. Note that this method can be implemented on a computer readable medium wherein the steps are performed by one or more code segments.
  • the present invention provides an apparatus for authenticating a calling device that includes a communications interface and a processor communicably coupled to the communications interface.
  • the processor (a) receives a call from the calling device, (b) sends a first authentication request to the calling device, (c) receives a first authentication response from the calling device, wherein the first authentication response includes a calling device encrypted data generated by the calling device using a caller identification, a called number and a shared secret encryption key, (d) extracts the caller identification and the called number from the encrypted data using the shared secret encryption key, (e) determines whether the extracted caller identification and the extracted called number are valid, and (f) transfers the call to a called device whenever the extracted caller identification and the extracted called number are valid.
  • the present invention provides a system for authenticating a calling device that includes a communications network communicably coupled to the calling device and a controller communicably coupled to the communications network.
  • the controller includes a communications interface communicably coupled to the communications network and a processor communicably coupled to the communications interface.
  • the processor (a) receives a call from the calling device, (b) sends a first authentication request to the calling device, (c) receives a first authentication response from the calling device, wherein the first authentication response includes a calling device encrypted data generated by the calling device using a caller identification, a called number and a shared secret encryption key, (d) extracts the caller identification and the called number from the encrypted data using the shared secret encryption key, (e) determines whether the extracted caller identification and the extracted called number are valid, and (f) transfers the call to a called device whenever the extracted caller identification and the extracted called number are valid.
  • the calling device (a) initiates the call, (b) receives the first authentication request, (c) generates the calling device encrypted data, and (d) sends the first authentication response.
  • the present invention also provides a method for authenticating a user of a calling device in response to receiving a call from the calling device.
  • the call is terminated and a new call is placed to the calling device.
  • the user is prompted to speak one or more words and depress one or more keys on a calling device.
  • the spoken words and one or more signals associated with the depressed keys are received.
  • One or more biometric parameters of the received spoken words are compared with a stored voice biometric template for the user, the received spoken words are compared with the prompted words and the received signals are compared with the signals associated with the prompted keys.
  • the new call is transferred to a called device whenever the user is authenticated as a result of the comparison.
  • this method can be implemented on a computer readable medium wherein the steps are performed by one or more code segments.
  • the present invention provides an apparatus for authenticating a user of a calling device that includes a communications interface and a processor communicably coupled to the communications interface.
  • the processor (a) receives a call from the calling device via the communications interface, (b) terminates the call, (c) places a new call to the calling device via the communications interface, (d) prompts the user to speak one or more words and depress one or more keys on a calling device, (e) receives the spoken words and one or more signals associated with the depressed keys via the communication interface, (f) authenticates the user by comparing one or more biometric parameters of the received spoken words with a stored voice biometric template for the user, the received spoken words with the prompted words and the received signals with the signals associated with the prompted keys, and (g) transfers the new call to a called device whenever the user is authenticated.
  • the present invention provides a system for authenticating a user of a calling device that includes a communications network communicably coupled to the calling device and a controller communicably coupled to the communications network.
  • the controller includes a communications interface communicably coupled to the communications network and a processor communicably coupled to the communications interface.
  • the processor (a) receives a call from the calling device via the communications interface, (b) terminates the call, (c) places a new call to the calling device via the communications interface, (d) prompts the user to speak one or more words and depress one or more keys on the calling device, (e) receives the spoken words and one or more signals associated with the depressed keys via the communication interface, (f) authenticates the user by comparing one or more biometric parameters of the received spoken words with a stored voice biometric template for the user, the received spoken words with the prompted words and the received signals with the signals associated with the prompted keys, and (g) transfers the new call to a called device whenever the user is authenticated.
  • FIG. 1 is a block diagram of a system in accordance with one embodiment of the present invention.
  • FIG. 2 is a block diagram of an apparatus in accordance with one embodiment of the present invention.
  • FIG. 3 is a flow chart depicting a registration process for a calling device in accordance with one embodiment of the present invention
  • FIG. 4 is a flow chart depicting a method for authenticating a calling device in accordance with one embodiment of the present invention
  • FIG. 5 is a signaling diagram depicting an authentication of a calling device in accordance with one embodiment of the present invention.
  • FIG. 6 is a flow chart depicting a method for authenticating a calling device in accordance with another embodiment of the present invention.
  • FIG. 7 is a signaling diagram depicting an authentication of a calling device in accordance with another embodiment of the present invention.
  • FIG. 8 is a flow chart depicting a registration process for a user in accordance with another embodiment of the present invention.
  • FIG. 9 is a flow chart depicting a method for authenticating a user of a calling device in accordance with another embodiment of the present invention.
  • FIG. 10 is a signaling diagram depicting an authentication of a user of a calling device in accordance with another embodiment of the present invention.
  • FIG. 11 is a flow chart depicting a method for authenticating a user of a calling device in accordance with another embodiment of the present invention.
  • FIG. 12 is a signaling diagram depicting an authentication of a user of a calling device in accordance with another embodiment of the present invention.
  • the present invention provides a system, method and apparatus for authenticating calls that is a robust Anti-vishing solution.
  • the present invention can identify Caller ID spoofing, verify dialed number to detect man-in-the middle and verify called party against dialed digits to detect impersonation.
  • This solution can handle calls coming from any phone any where with little impact on user experience.
  • Two separate solutions are tailored for smart phones (communication devices capable of running application software) and traditional phones to reduce the impact to user experience while providing robust verification.
  • the present invention can be incorporated, integrated or combined with other voice communication protection systems, such as:
  • the system 100 includes a communications network 102 , a controller 104 (Anti-Vishing Controller or AVC) communicably coupled to the communications network 102 , and a calling device (smart device) 106 and/or a calling device (traditional device) 112 communicably coupled to the communications network 102 .
  • Calling device 106 includes an Anti-Vishing Agent (AVA) 110 , whereas calling device 112 does not.
  • AVC Anti-Vishing Controller
  • the calling device 106 can be any type of user communications device, such as a phone (e.g., cell phone, PDA phone, IP Phone, softphone, etc.), a computer, a PDA or other any communications device capable of running the AVA 110 application.
  • the calling device 112 can be any communications device that is not running an AVA 110 application, such as a land line phone, pay phone, cell phone, etc.
  • the called device (smart device or traditional device) or called party 108 is communicably coupled to the controller 104 via integration, direct connection (as shown with called device 108 a ) or through a local network 114 (as shown with called device 108 b ).
  • the controller 104 includes a processor 200 communicably coupled to a communications interface 202 and a memory or data storage device 204 .
  • the communications interface 202 is communicably coupled to the communications network 102 , the called device 108 a , and the called device 108 b via the local network 114 .
  • the AVC 104 can be a computer, a server, a switch, a PBX, a gateway or other suitable device and can be operated by the called party, a network provider, a service provider, a facility provider or a call center.
  • the AVA 110 and AVC 104 use various in-band and out-of-band communication channels to exchange information to validate authenticity of caller ID, dialed digits and/or the called party.
  • In-band communication can be done through DTMF, modem, voice signals and out-of-band communication can be done through SMS, SIP, and other VoIP control protocols where necessary.
  • a registration request is received from the calling device 106 in block 302 .
  • the AVC 104 creates and stores a shared secret encryption key for the calling device 106 in block 304 .
  • the shared secret encryption key is an initial unique encryption key (secret) established during the registration of the calling device 106 with entities like banks or other entities dealing with confidential, personal or proprietary information.
  • secret an initial unique encryption key
  • the shared secret encryption key is created and known to the endpoints before the authentication process described below.
  • An identifier that is unique to the calling device 106 such as a cell phone IMSI/MIN, is required to register the calling device 106 .
  • the shared secret encryption key is sent to the calling device 106 in block 306 .
  • the shared secret encryption key can be recycled frequently to ensure that brute-force attacks do not succeed.
  • this method can be implemented on a computer readable medium wherein the steps are performed by one or more code segments.
  • FIG. 4 a flow chart depicting a method 400 for authenticating a calling device 106 in accordance with one embodiment of the present invention is shown.
  • the AVC 104 receives a call from the calling device 106 in block 402 and sends a first authentication request to the calling device 106 in block 404 . Thereafter, the AVC 104 receives a first authentication response containing a calling device encrypted data from the calling device 106 in block 406 .
  • the calling device encrypted data is generated by the calling device 106 using a caller identification (e.g., calling number), a called number and the shared secret encryption key.
  • a caller identification e.g., calling number
  • Other data can be used in the generation of the calling device encrypted data, such as a random number provided by the AVC 104 , the IMEI of the calling device 106 , a random number provided by the calling device 106 , or a combination thereof, etc.
  • the AVC 104 extracts the caller identification and the called number from the calling device encrypted data using the shared secret encryption key in block 408 .
  • the AVC 104 determines whether the extracted caller identification and the extracted called number are valid in decision block 410 . If the calling device 106 is not verified, as determined in decision block 410 , the AVC 104 terminates the call in block 412 .
  • the AVC 104 transfers the call to a called device or called party 108 in block 414 .
  • this method can be implemented on a computer readable medium wherein the steps are performed by one or more code segments.
  • a signaling diagram 500 depicting an authentication of a calling device 106 in accordance with one embodiment of the present invention is shown.
  • the calling device 106 initiates the call 502 to the called device 108 , but is intercepted by the AVC 104 .
  • the AVC 104 sends a first authentication request 404 to the calling device 106 .
  • the first authentication request may include a controller generated random number or controller generated encryption key.
  • the AVA 110 loaded on the calling device 106 receives the first authentication request 404 , generates the calling device encrypted data 504 and sends a first authentication response 406 containing the calling device encrypted data 504 to the AVC 104 .
  • the calling device encrypted data 504 can be generated using the caller identification (e.g., calling number), the called number, the called device generated encryption key, the controller generated encryption key, the shared secret encryption key, etc. or a combination thereof.
  • the first authentication response 208 may include a calling device generated encryption key or a calling device random number in addition to the calling device encrypted data 504 .
  • the AVC 104 extracts the caller identification and the called number from the encrypted data 206 using the shared secret encryption key and determines whether the extracted caller identification and the extracted called number are valid (collectively 408).
  • the call is terminated 412 whenever the calling device 106 AVA 110 is not valid.
  • the call is transferred 414 to the called party or called device 108 whenever the extracted caller identification and the extracted called number are valid.
  • the called device or called party 108 then can accept (answer) or deny (do not answer) or transfer (e.g., voicemail) the call 506 . It is possible for the AVA 110 to initiate the authentication. In that case, the same algorithm works except that the roles are reversed.
  • the resident AVA client 110 traps the dialed digits and generates a hash of caller ID and dialed digits using the shared secret encryption key stored in the AVA client 110 .
  • This encryption key is unique and different for each AVA 110 .
  • On receiving the call AVC 104 in the network sends request for the hash using either in-band or out-of-band methods.
  • the AVA 110 sends back computed hash either through in-band or out-of-band.
  • the AVC 104 extracts the Caller ID and dialed digits from received hash using the same secret encryption key and verifies against the caller ID and called party number.
  • the algorithm computes the hash per transaction such that it is unique per transaction and cannot be replayed later.
  • the AVA 110 can authenticate the called number. AVA 110 interacts with the user and the call data in the phone 106 to determine if the called party needs to be verified. Now the AVC 104 responds with a hash that includes the Called Party Number and Caller ID and Dialed Digits.
  • FIG. 6 a flow chart depicting a method 600 for authenticating a calling device 106 in accordance with another embodiment of the present invention is shown.
  • the AVC 104 receives a call from the calling device 106 in block 402 and sends a first authentication request to the calling device 106 in block 404 . Thereafter, the AVC 104 receives a first authentication response containing a calling device encrypted data from the calling device 106 in block 406 .
  • the calling device encrypted data is generated by the calling device 106 using a caller identification (e.g., calling number), a called number and the shared secret encryption key.
  • a caller identification e.g., calling number
  • Other data can be used in the generation of the calling device encrypted data, such as a random number provided by the AVC 104 , the IMEI of the calling device 106 , a random number provided by the calling device 106 , or a combination thereof, etc.
  • the AVC 104 extracts the caller identification and the called number from the calling device encrypted data using the shared secret encryption key in block 408 .
  • the AVC 104 determines whether the extracted caller identification and the extracted called number are valid in decision block 410 . If the calling device 106 is not verified, as determined in decision block 410 , the AVC 104 terminates the call in block 412 .
  • the AVC 104 sends a second authentication request containing a controller encrypted data to the calling device 106 in block 602 .
  • the controller encrypted data is generated by the controller 104 using a caller identification (e.g., calling number), a called number and the shared secret encryption key. Other data can be used in the generation of the controller encrypted data, such as a random number provided by the AVC 104 , a random number provided by the calling device 106 , or a combination thereof, etc.
  • AVC 104 receives a second authentication response indicating success or failure from the calling device 106 in block 604 .
  • the AVC 104 terminates the call in block 412 . If, however, the second authentication response indicates success, as determined in decision block 606 , the AVC 104 transfers the call to a called device or called party 108 in block 414 . Note that this method can be implemented on a computer readable medium wherein the steps are performed by one or more code segments.
  • FIG. 7 a signaling diagram 700 in accordance with another embodiment of the present invention is shown.
  • This embodiment implements mutual authentication of the endpoints.
  • the calling device 106 initiates the call 502 to the called device 108 , but is intercepted by the AVC 104 .
  • the AVC 104 sends a first authentication request 404 to the calling device 106 .
  • the first authentication request may include a controller generated random number or controller generated encryption key.
  • the AVA 110 loaded on the calling device 106 receives the first authentication request 404 , generates the calling device encrypted data 504 and sends a first authentication response 406 containing the calling device encrypted data 504 to the AVC 104 .
  • the calling device encrypted data 504 can be generated using the caller identification (e.g., calling number), the called number, the called device generated encryption key, the controller generated encryption key, the shared secret encryption key, etc. or a combination thereof.
  • the first authentication response 208 may include a calling device generated encryption key or a calling device random number in addition to the calling device encrypted data 504 .
  • the AVC 104 extracts the caller identification and the called number from the encrypted data 206 using the shared secret encryption key and determines whether the extracted caller identification and the extracted called number are valid (collectively 408). The call is terminated 412 whenever the calling device 106 AVA 110 is not valid.
  • the AVC 104 generates a controller device encrypted data 702 whenever the extracted caller identification and the extracted called number are valid.
  • the controller device encrypted data can be generated using the caller identification (e.g., calling number), the called number, the called device generated encryption key, the controller generated encryption key, the shared secret encryption key, etc. or a combination thereof.
  • the AVC 104 sends a second authorization request 602 to the calling device 106 AVA 110 .
  • the calling device 106 AVA 110 extracts the data and verifies the controller 104 or called device 108 (collectively 704) and sends a second authorization response 604 to the AVC 104 .
  • the AVC 104 terminates the call 412 whenever the second authentication response 604 indicates failure.
  • the AVC 104 transfers the call 312 to the called party or called device 108 whenever the second authentication response 604 indicates success.
  • the called device or called party 108 then can accept (answer) or deny (do not answer) or transfer (e.g., voicemail) the call 506 . It is possible for the AVA 110 to initiate the authentication. In that case, the same algorithm works except that the roles are reversed.
  • the requests and response may include the following information:
  • First authorization request 404 Server_Random where Server_Random is ‘n’ Pseudo Random digits generated on AVC 104 where the value of ‘n’ depends on the setup time desired.
  • First authorization response 406 Client_Random + Client_Auth_Data where Client Random is Pseudo Random digits generated on the phone where the value of ‘n’ depends on the setup time desired, and Client_Auth_Data is First ‘m’ digits of HMAC_MD5(Shared_Secret, Caller_Number + Called_Number [+ IMEI] + Client Random + Server_Random) where the value of ‘m’ depends on the setup time. IMEI is added in case of Smart phones.
  • Second authorization request 602 Server_Auth_Data or Auth_Failure
  • Server_Auth_Data is First ‘m’ digits of HMAC_MD5(Shared_Secret, Called_Number + Caller_Number + Server_Random + Client_Random) where the value of ‘m’ depends on the setup time desired.
  • IMEI/MIN is added in case of Smart phones, and Auth_Failure is Call be terminated.
  • Second authorization response 604 Auth_Success or Auth_Failure where Auth_Success: Call will be transferred.
  • FIG. 8 a flow chart depicting a registration process 800 for a user in accordance with another embodiment of the present invention is shown.
  • a user registers his/her voice or the calling device 106 or 112 for the first time, the user preferably goes through a validation process which requires a voice prompt to be recorded on the AVC 104 .
  • the user will be authenticated using standard procedures (such as calling from home phone number or teller assisted procedures).
  • the user will be prompted to record his voice.
  • the user will be educated to expect this message whenever he/she logs in to access his account over telephone.
  • the voice prompt serves two purposes one it helps to validate biometrics and the second it validates the AVC 104 .
  • the user of a calling device 106 or 112 is prompted to speak a message in block 802 .
  • the spoken message is recorded and stored in block 802 .
  • a biometric template based on the user's voice is then created and stored for the user in block 806 .
  • the registration process 800 may also include periodically changing the stored message by prompting the calling party or user to speak a new message, and recording the new message and replacing the message with the new message. Note that the stored message should not be played to the calling party or user until the calling party or user is authenticated.
  • the present invention prevents caller ID spoofing, man-in-the-middle attacks, record and replay attacks, called party impersonation, or a combination thereof.
  • the resident AVC 104 When the user makes a call to the bank or financial entity, the resident AVC 104 first terminates the call and calls back the user. This procedure prevents Caller ID spoofing if any. Once the user answers the call the AVC 104 requests the user to speak a randomly generated phrase and sequence of dialed digits. When the phrase is repeated by the user, the AVC 104 validates biometrics, content of the phrase, and the sequence of dialed digits against the called party number. This prevents man-in-the-middle and record and replay attacks. Once this validation is complete, the AVC 104 plays the prompt recorded by the user during registration process. The user now should validate the prompt before proceeding further with the call to divulge any important information. This step prevents any called party impersonation.
  • the prompt could change frequently to prevent any replay attacks.
  • this algorithm requires certain modifications to user behavior when making calls related to financial matter or other important matters.
  • the users voice recorded on the Bank's server will be refreshed to avoid any recording and replay through foul play.
  • This algorithm ensures that the media recorded on the server is not played before the user is authenticated.
  • Authentication on traditional phones relies on user voice recognition. Users are authenticated using voice biometric systems. The user authenticates the bank by hearing his/her own voice that was recorded by him/her during registration. The user will be prompted to refresh this recording periodically.
  • FIG. 9 a flow chart depicting a method 900 for authenticating a user of a calling device 112 in accordance with another embodiment of the present invention is shown. Note that this method can also be used with a calling device 106 .
  • the AVC 104 receives a call from the calling device 112 via the communications interface in block 402 and terminates the call in block 412 . Thereafter, the AVC 104 initiates a new call to the calling device 112 via the communications interface in block 902 .
  • the AVC 104 then prompts the user of the calling device 112 to speak one or more words and depress one or more keys on the calling device in block 904 , and receives the spoken words and one or more signals associated with the depressed keys via the communication interface in block 906 .
  • the AVC 104 authenticates the user of the calling device 112 by comparing one or more biometric parameters of the received spoken words with a stored voice biometric template for the calling device 112 , the received spoken words with the prompted words and the received signals with the signals associated with the prompted keys in block 908 . If the comparison is not successful, as determined in decision block 910 , the new call is terminated in block 912 .
  • the AVC 104 transfers the new call to the called device or called party 108 in block 914 .
  • this method can be implemented on a computer readable medium wherein the steps are performed by one or more code segments.
  • FIG. 10 a signaling diagram 1000 depicting an authentication of a user of a calling device 112 in accordance with another embodiment of the present invention is shown.
  • the user or calling party initiates a call 502 to the called device or called party 108 using a traditional calling device 112 .
  • the AVC 104 terminates the call 412 and initiates a new call 902 to the traditional calling device 112 .
  • the AVC 104 may provide a notification to the traditional calling device 112 that the authentication process will begin following the termination of the current call 412 .
  • the traditional calling device 112 accepts the call 1002 and the user of the calling device 112 is prompted 904 to speak one or more words and depress one or more keys on a calling device.
  • the one or more words and the one or more keys can be randomly generated by the AVC 104 .
  • the one or more keys can be selected from one or more digits of a telephone number of the called party, and the one or more keys can be selected from the 0-9, * and # keys.
  • the spoken words and one or more signals associated with the depressed keys are received 906 by the AVC 104 .
  • One or more biometric parameters of the received spoken words are compared 908 with a stored voice biometric template for the user or calling party, the received spoken words are compared with the prompted words and the received signals are compared with the signals associated with the prompted keys.
  • the new call is terminated 912 if the comparison fails.
  • one or more notifications can be logged or sent to the called device or called party 108 whenever the user or calling party is not authenticated.
  • the new call is transferred 914 to a called party whenever the user or calling party is authenticated as a result of the comparison 908 .
  • the called device or called party 108 then can accept (answer) or deny (do not answer) or transfer (e.g., voicemail) the new call 1004 .
  • FIG. 11 a flow chart depicting a method 1100 for authenticating a user of a calling device 112 in accordance with another embodiment of the present invention is shown. Note that this method can also be used with a calling device 106 .
  • the AVC 104 receives a call from the calling device 112 via the communications interface in block 402 and terminates the call in block 412 . Thereafter, the AVC 104 initiates a new call to the calling device 112 via the communications interface in block 902 .
  • the AVC 104 then prompts the user of the calling device 112 to speak one or more words and depress one or more keys on the calling device in block 904 , and receives the spoken words and one or more signals associated with the depressed keys via the communication interface in block 906 .
  • the AVC 104 authenticates the user of the calling device 112 by comparing one or more biometric parameters of the received spoken words with a stored voice biometric template for the calling device 112 , the received spoken words with the prompted words and the received signals with the signals associated with the prompted keys in block 908 . If the comparison is not successful, as determined in decision block 910 , the new call is terminated in block 912 .
  • the AVC 104 plays a stored message to the user of the calling device 112 to authenticate the called party or called device 108 in block 1102 and transfers the new call to the called device or called party 108 in block 914 .
  • this method can be implemented on a computer readable medium wherein the steps are performed by one or more code segments.
  • FIG. 12 a signaling diagram 1200 depicting an authentication of a user of a calling device 112 in accordance with another embodiment of the present invention is shown.
  • the user of the calling device 112 initiates a call 502 to the called device or called party 108 using a traditional calling device 112 .
  • the AVC 104 terminates the call 412 and initiates a new call 902 to the traditional calling device 112 .
  • the AVC 104 may provide a notification to the traditional calling device 112 that the authentication process will begin following the termination of the current call 412 .
  • the traditional calling device 112 accepts the call 1102 and the user of the calling device 112 is prompted 904 to speak one or more words and depress one or more keys on a calling device.
  • the one or more words and the one or more keys can be randomly generated by the AVC 104 .
  • the one or more keys can be selected from one or more digits of a telephone number of the called party, and the one or more keys can be selected from the 0-9, * and # keys.
  • the spoken words and one or more signals associated with the depressed keys are received 906 by the AVC 104 .
  • One or more biometric parameters of the received spoken words are compared 908 with a stored voice biometric template for the user or calling party, the received spoken words are compared with the prompted words and the received signals are compared with the signals associated with the prompted keys.
  • the new call is terminated 912 if the comparison fails.
  • one or more notifications can be logged or sent to the called device called party 108 whenever the user or calling party is not authenticated.
  • a stored message is played 1102 to the user or calling party to authenticate the called party or called device 108 if the comparison 908 is successful.
  • the stored message was previously recorded by the user or calling party during the registration process 800 .
  • the new call is then transferred 914 to the called device or called party 108 and the called device or called party 108 then accepts (answer) or denies (do not answer) or transfers (e.g., voicemail) the new call 1004 .
  • a general purpose processor e.g., microprocessor, conventional processor, controller, microcontroller, state machine or combination of computing devices
  • DSP digital signal processor
  • ASIC application specific integrated circuit
  • FPGA field programmable gate array
  • steps of a method or process described herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two.
  • a software module may reside in RAM memory, flash memory, ROM memory, EPROM memory, EEPROM memory, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Health & Medical Sciences (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Biodiversity & Conservation Biology (AREA)
  • Biomedical Technology (AREA)
  • General Health & Medical Sciences (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The present invention provides a system, method and apparatus for authenticating calls that is a robust Anti-vishing solution. The present invention can identify Caller ID spoofing, verify dialed number to detect man-in-the middle and verify called party against dialed digits to detect impersonation. This solution can handle calls coming from any phone any where with little impact on user experience. Two separate solutions are tailored for smart phones (communication devices capable of running application software) and traditional phones to reduce the impact to user experience while providing robust verification.

Description

    PRIORITY CLAIM
  • This patent application is a non-provisional application of U.S. provisional patent application 61/026,470 filed on Feb. 5, 2008; which is incorporated herein by reference in its entirety.
    • FIELD OF THE INVENTION
  • The present invention relates generally to the field of communications and, more particularly, to a system, method and apparatus for authenticating calls.
    • BACKGROUND OF THE INVENTION
  • Caller identification (Caller ID) is one of the most trusted ways of identifying who is calling and is commonly used to effectively filtering incoming calls. Telecommunication networks are designed in such a way that the Caller ID is usually delivered to the called device by the telecommunication operators. With a traditional phone system, it is hard to spoof Caller ID. But with the advent of IP Telephony, a caller can easily spoof Caller ID using techniques and tools freely available on the Internet. More importantly, the caller can be anywhere in the world where Internet Protocol (IP) connectivity is available to perform these operations.
  • In addition, when someone calls a number and leaves a message to call back, the recipient commonly believes the message and callback number associated with the message. Hackers can exploit this trusted call back behavior for their scams using called ID spoofing and geographic independence.
  • One such attack recently termed as “Vishing” (Voice variant of well known web/email phishing) has serious consequences to the financial and banking industry. A hacker sitting in a foreign country with freely available tools, such as asterisk PBX, can launch thousands or millions of automated calls. By spoofing Caller ID, the attacker pretends to be the bank or financial institution to solicit confidential information that could lead to theft of the target's financial assets. Similarly, the attacker can leave thousands or millions of messages to callers to call back a number different from the legitimate bank's numbers. Since banks have hundreds of numbers to provide various services, the customer is led to believe that the number is legitimate. The attacker can, with freely available tools, impersonate the bank's caller center and can collect confidential information. In addition, the attacker can act like a man-in-the-middle (MITM) between the customer and bank in order to easily obtain confidential information of the target.
  • As a result, Caller ID does not necessarily reveal the true identity of a caller. Moreover, in today's world of self-service and virtual customer service, it is becoming increasingly more difficult to associate Caller ID with the caller and calling number with the called party. There is, therefore, a need for a system, method and apparatus for authenticating calls.
    • SUMMARY OF THE INVENTION
  • The present invention provides a system, method and apparatus for authenticating calls that is a robust Anti-vishing solution. The present invention can identify Caller ID spoofing, verify dialed number to detect man-in-the middle and verify called party against dialed digits to detect impersonation. This solution can handle calls coming from any phone any where with little impact on user experience. Two separate solutions are tailored for smart phones (communication devices capable of running application software) and traditional phones to reduce the impact to user experience while providing robust verification.
  • More specifically, the present invention provides a method for authenticating a calling device in response to receiving a call from the calling device. A first authentication request is sent to the calling device. A first authentication response is received from the calling device, wherein the first authentication response includes a calling device encrypted data generated by the calling device using a caller identification, a called number and a shared secret encryption key. The caller identification and the called number are extracted from the encrypted data using the shared secret encryption key. The call is transferred to a called device whenever the extracted caller identification and the extracted called number are valid. Note that this method can be implemented on a computer readable medium wherein the steps are performed by one or more code segments.
  • In addition the present invention provides an apparatus for authenticating a calling device that includes a communications interface and a processor communicably coupled to the communications interface. The processor (a) receives a call from the calling device, (b) sends a first authentication request to the calling device, (c) receives a first authentication response from the calling device, wherein the first authentication response includes a calling device encrypted data generated by the calling device using a caller identification, a called number and a shared secret encryption key, (d) extracts the caller identification and the called number from the encrypted data using the shared secret encryption key, (e) determines whether the extracted caller identification and the extracted called number are valid, and (f) transfers the call to a called device whenever the extracted caller identification and the extracted called number are valid.
  • Moreover, the present invention provides a system for authenticating a calling device that includes a communications network communicably coupled to the calling device and a controller communicably coupled to the communications network. The controller includes a communications interface communicably coupled to the communications network and a processor communicably coupled to the communications interface. The processor (a) receives a call from the calling device, (b) sends a first authentication request to the calling device, (c) receives a first authentication response from the calling device, wherein the first authentication response includes a calling device encrypted data generated by the calling device using a caller identification, a called number and a shared secret encryption key, (d) extracts the caller identification and the called number from the encrypted data using the shared secret encryption key, (e) determines whether the extracted caller identification and the extracted called number are valid, and (f) transfers the call to a called device whenever the extracted caller identification and the extracted called number are valid. The calling device (a) initiates the call, (b) receives the first authentication request, (c) generates the calling device encrypted data, and (d) sends the first authentication response.
  • The present invention also provides a method for authenticating a user of a calling device in response to receiving a call from the calling device. The call is terminated and a new call is placed to the calling device. The user is prompted to speak one or more words and depress one or more keys on a calling device. The spoken words and one or more signals associated with the depressed keys are received. One or more biometric parameters of the received spoken words are compared with a stored voice biometric template for the user, the received spoken words are compared with the prompted words and the received signals are compared with the signals associated with the prompted keys. The new call is transferred to a called device whenever the user is authenticated as a result of the comparison. Note that this method can be implemented on a computer readable medium wherein the steps are performed by one or more code segments.
  • In addition, the present invention provides an apparatus for authenticating a user of a calling device that includes a communications interface and a processor communicably coupled to the communications interface. The processor (a) receives a call from the calling device via the communications interface, (b) terminates the call, (c) places a new call to the calling device via the communications interface, (d) prompts the user to speak one or more words and depress one or more keys on a calling device, (e) receives the spoken words and one or more signals associated with the depressed keys via the communication interface, (f) authenticates the user by comparing one or more biometric parameters of the received spoken words with a stored voice biometric template for the user, the received spoken words with the prompted words and the received signals with the signals associated with the prompted keys, and (g) transfers the new call to a called device whenever the user is authenticated.
  • Moreover, the present invention provides a system for authenticating a user of a calling device that includes a communications network communicably coupled to the calling device and a controller communicably coupled to the communications network. The controller includes a communications interface communicably coupled to the communications network and a processor communicably coupled to the communications interface. The processor (a) receives a call from the calling device via the communications interface, (b) terminates the call, (c) places a new call to the calling device via the communications interface, (d) prompts the user to speak one or more words and depress one or more keys on the calling device, (e) receives the spoken words and one or more signals associated with the depressed keys via the communication interface, (f) authenticates the user by comparing one or more biometric parameters of the received spoken words with a stored voice biometric template for the user, the received spoken words with the prompted words and the received signals with the signals associated with the prompted keys, and (g) transfers the new call to a called device whenever the user is authenticated.
  • The present invention is described in detail below with reference to the accompanying drawings.
    • BRIEF DESCRIPTION OF THE DRAWINGS
  • The above and further advantages of the invention may be better understood by referring to the following description in conjunction with the accompanying drawings, in which:
  • FIG. 1 is a block diagram of a system in accordance with one embodiment of the present invention;
  • FIG. 2 is a block diagram of an apparatus in accordance with one embodiment of the present invention;
  • FIG. 3 is a flow chart depicting a registration process for a calling device in accordance with one embodiment of the present invention;
  • FIG. 4 is a flow chart depicting a method for authenticating a calling device in accordance with one embodiment of the present invention;
  • FIG. 5 is a signaling diagram depicting an authentication of a calling device in accordance with one embodiment of the present invention;
  • FIG. 6 is a flow chart depicting a method for authenticating a calling device in accordance with another embodiment of the present invention;
  • FIG. 7 is a signaling diagram depicting an authentication of a calling device in accordance with another embodiment of the present invention;
  • FIG. 8 is a flow chart depicting a registration process for a user in accordance with another embodiment of the present invention;
  • FIG. 9 is a flow chart depicting a method for authenticating a user of a calling device in accordance with another embodiment of the present invention;
  • FIG. 10 is a signaling diagram depicting an authentication of a user of a calling device in accordance with another embodiment of the present invention;
  • FIG. 11 is a flow chart depicting a method for authenticating a user of a calling device in accordance with another embodiment of the present invention; and
  • FIG. 12 is a signaling diagram depicting an authentication of a user of a calling device in accordance with another embodiment of the present invention.
    •  DETAILED DESCRIPTION OF THE INVENTION
  • While the making and using of various embodiments of the present invention are discussed in detail below, it should be appreciated that the present invention provides many applicable inventive concepts that can be embodied in a wide variety of specific contexts. The specific embodiments discussed herein are merely illustrative of specific ways to make and use the invention and do not delimit the scope of the invention. The discussion herein relates primarily to voice communications in a telecommunications network, but it will be understood that the concepts of the present invention are applicable to any communications session, network or device.
  • The present invention provides a system, method and apparatus for authenticating calls that is a robust Anti-vishing solution. The present invention can identify Caller ID spoofing, verify dialed number to detect man-in-the middle and verify called party against dialed digits to detect impersonation. This solution can handle calls coming from any phone any where with little impact on user experience. Two separate solutions are tailored for smart phones (communication devices capable of running application software) and traditional phones to reduce the impact to user experience while providing robust verification. Note that the present invention can be incorporated, integrated or combined with other voice communication protection systems, such as:
      • U.S. patent application Ser. No. 10/917,771 filed Aug. 13, 2004 entitled “System and Method for Detecting and Preventing Denial of Service Attacks in a Communications System”;
      • U.S. patent application Ser. No. 11/502,244 filed Aug. 9, 2006 entitled “System and Method for Providing Network Level and Nodal Level Vulnerability Protection in VoIP Networks” which is a non-provisional application of U.S. Patent Application Ser. No. 60/706,950 filed Aug. 9, 2005;
      • U.S. patent application Ser. No. 11/521,427 filed Sep. 14, 2006 entitled “System, Method and Apparatus for Classifying Communications in a Communications System” which is a non-provisional application of U.S. Patent Application Ser. No. 60/717,065 filed Sep. 14, 2005;
      • U.S. patent application Ser. No. 11/769,609 filed Jun. 27, 2007 entitled “System, Method and Apparatus for Classifying Communications in a Communications System” which is a non-provisional application of U.S. Patent Application Ser. No. 60/817,445 filed Jun. 29, 2006;
      • U.S. patent application Ser. No. 11/776,509 filed Jul. 11, 2007 entitled “System, Method and Apparatus for Securely Exchanging Security Keys and Monitoring Links in a IP Communications Network” which is a non-provisional application of U.S. Patent Application Ser. No. 60/830,168 filed Jul. 12, 2006;
      • U.S. patent application Ser. No. 11/776,549 filed Jul. 11, 2007 entitled “System, Method and Apparatus for Troubleshooting an IP Network” which is a non-provisional application of U.S. Patent Application Ser. No. 60/830,411 filed Jul. 12, 2006;
      • U.S. patent application Ser. No. 12/028,781 filed Feb. 8, 2008 entitled “System, Method and Apparatus for Clientless Two Factor Authentication in VoIP Networks” which is a non-provisional application of U.S. Patent Application Ser. No. 60/888,765 filed Feb. 8, 2007; and
      • U.S. patent application Ser. No. 12/189,151 filed Aug. 9, 2008 entitled “System, Method and Apparatus for Providing Security in an IP-Based End User Device” which is a non-provisional application of U.S. Patent Application Ser. No. 60/955,037 filed Aug. 10, 2007.
        All of the foregoing applications are incorporated herein by reference in their entirety
  • Now referring to FIGS. 1 and 2, block diagrams of a system 100 and an apparatus 104 in accordance with one embodiment of the present invention are shown. The system 100 includes a communications network 102, a controller 104 (Anti-Vishing Controller or AVC) communicably coupled to the communications network 102, and a calling device (smart device) 106 and/or a calling device (traditional device) 112 communicably coupled to the communications network 102. Calling device 106 includes an Anti-Vishing Agent (AVA) 110, whereas calling device 112 does not. The calling device 106 can be any type of user communications device, such as a phone (e.g., cell phone, PDA phone, IP Phone, softphone, etc.), a computer, a PDA or other any communications device capable of running the AVA 110 application. The calling device 112 can be any communications device that is not running an AVA 110 application, such as a land line phone, pay phone, cell phone, etc. The called device (smart device or traditional device) or called party 108 is communicably coupled to the controller 104 via integration, direct connection (as shown with called device 108 a) or through a local network 114 (as shown with called device 108 b). The controller 104 includes a processor 200 communicably coupled to a communications interface 202 and a memory or data storage device 204. The communications interface 202 is communicably coupled to the communications network 102, the called device 108 a, and the called device 108 b via the local network 114.
  • The AVC 104 can be a computer, a server, a switch, a PBX, a gateway or other suitable device and can be operated by the called party, a network provider, a service provider, a facility provider or a call center. The AVA 110 and AVC 104 use various in-band and out-of-band communication channels to exchange information to validate authenticity of caller ID, dialed digits and/or the called party. In-band communication can be done through DTMF, modem, voice signals and out-of-band communication can be done through SMS, SIP, and other VoIP control protocols where necessary.
  • Referring now to FIG. 3, a flow chart depicting a registration process 300 for a calling device 106 in accordance with one embodiment of the present invention is shown. A registration request is received from the calling device 106 in block 302. In response, the AVC 104 creates and stores a shared secret encryption key for the calling device 106 in block 304. The shared secret encryption key is an initial unique encryption key (secret) established during the registration of the calling device 106 with entities like banks or other entities dealing with confidential, personal or proprietary information. As a result, the shared secret encryption key is created and known to the endpoints before the authentication process described below. An identifier that is unique to the calling device 106, such as a cell phone IMSI/MIN, is required to register the calling device 106. The shared secret encryption key is sent to the calling device 106 in block 306. Note that the shared secret encryption key can be recycled frequently to ensure that brute-force attacks do not succeed. Note also that this method can be implemented on a computer readable medium wherein the steps are performed by one or more code segments.
  • Now referring to FIG. 4, a flow chart depicting a method 400 for authenticating a calling device 106 in accordance with one embodiment of the present invention is shown. The AVC 104 receives a call from the calling device 106 in block 402 and sends a first authentication request to the calling device 106 in block 404. Thereafter, the AVC 104 receives a first authentication response containing a calling device encrypted data from the calling device 106 in block 406. The calling device encrypted data is generated by the calling device 106 using a caller identification (e.g., calling number), a called number and the shared secret encryption key. Other data can be used in the generation of the calling device encrypted data, such as a random number provided by the AVC 104, the IMEI of the calling device 106, a random number provided by the calling device 106, or a combination thereof, etc. The AVC 104 extracts the caller identification and the called number from the calling device encrypted data using the shared secret encryption key in block 408. The AVC 104 determines whether the extracted caller identification and the extracted called number are valid in decision block 410. If the calling device 106 is not verified, as determined in decision block 410, the AVC 104 terminates the call in block 412. If, however, the calling device 106 is verified, as determined in decision block 410, the AVC 104 transfers the call to a called device or called party 108 in block 414. Note that this method can be implemented on a computer readable medium wherein the steps are performed by one or more code segments.
  • Referring now to FIG. 5, a signaling diagram 500 depicting an authentication of a calling device 106 in accordance with one embodiment of the present invention is shown. The calling device 106 initiates the call 502 to the called device 108, but is intercepted by the AVC 104. In response, the AVC 104 sends a first authentication request 404 to the calling device 106. The first authentication request may include a controller generated random number or controller generated encryption key. The AVA 110 loaded on the calling device 106 receives the first authentication request 404, generates the calling device encrypted data 504 and sends a first authentication response 406 containing the calling device encrypted data 504 to the AVC 104. As previously described, the calling device encrypted data 504 can be generated using the caller identification (e.g., calling number), the called number, the called device generated encryption key, the controller generated encryption key, the shared secret encryption key, etc. or a combination thereof. The first authentication response 208 may include a calling device generated encryption key or a calling device random number in addition to the calling device encrypted data 504. The AVC 104 extracts the caller identification and the called number from the encrypted data 206 using the shared secret encryption key and determines whether the extracted caller identification and the extracted called number are valid (collectively 408). The call is terminated 412 whenever the calling device 106 AVA 110 is not valid. The call is transferred 414 to the called party or called device 108 whenever the extracted caller identification and the extracted called number are valid. The called device or called party 108 then can accept (answer) or deny (do not answer) or transfer (e.g., voicemail) the call 506. It is possible for the AVA 110 to initiate the authentication. In that case, the same algorithm works except that the roles are reversed.
  • For example, when a user makes a call from cell phone 106, the resident AVA client 110 traps the dialed digits and generates a hash of caller ID and dialed digits using the shared secret encryption key stored in the AVA client 110. This encryption key is unique and different for each AVA 110. On receiving the call AVC 104 in the network sends request for the hash using either in-band or out-of-band methods. Upon receiving the request, the AVA 110 sends back computed hash either through in-band or out-of-band. The AVC 104 extracts the Caller ID and dialed digits from received hash using the same secret encryption key and verifies against the caller ID and called party number. This ensures that the Caller ID is not spoofed and no man-in-the-middle. The algorithm computes the hash per transaction such that it is unique per transaction and cannot be replayed later. Similarly, the AVA 110 can authenticate the called number. AVA 110 interacts with the user and the call data in the phone 106 to determine if the called party needs to be verified. Now the AVC 104 responds with a hash that includes the Called Party Number and Caller ID and Dialed Digits.
  • Now referring to FIG. 6, a flow chart depicting a method 600 for authenticating a calling device 106 in accordance with another embodiment of the present invention is shown. The AVC 104 receives a call from the calling device 106 in block 402 and sends a first authentication request to the calling device 106 in block 404. Thereafter, the AVC 104 receives a first authentication response containing a calling device encrypted data from the calling device 106 in block 406. The calling device encrypted data is generated by the calling device 106 using a caller identification (e.g., calling number), a called number and the shared secret encryption key. Other data can be used in the generation of the calling device encrypted data, such as a random number provided by the AVC 104, the IMEI of the calling device 106, a random number provided by the calling device 106, or a combination thereof, etc. The AVC 104 extracts the caller identification and the called number from the calling device encrypted data using the shared secret encryption key in block 408. The AVC 104 determines whether the extracted caller identification and the extracted called number are valid in decision block 410. If the calling device 106 is not verified, as determined in decision block 410, the AVC 104 terminates the call in block 412. If, however, the calling device 106 is verified, as determined in decision block 410, the AVC 104 sends a second authentication request containing a controller encrypted data to the calling device 106 in block 602. The controller encrypted data is generated by the controller 104 using a caller identification (e.g., calling number), a called number and the shared secret encryption key. Other data can be used in the generation of the controller encrypted data, such as a random number provided by the AVC 104, a random number provided by the calling device 106, or a combination thereof, etc. Thereafter, AVC 104 receives a second authentication response indicating success or failure from the calling device 106 in block 604. If the second authentication response indicates failure, as determined in decision block 606, the AVC 104 terminates the call in block 412. If, however, the second authentication response indicates success, as determined in decision block 606, the AVC 104 transfers the call to a called device or called party 108 in block 414. Note that this method can be implemented on a computer readable medium wherein the steps are performed by one or more code segments.
  • Referring now to FIG. 7, a signaling diagram 700 in accordance with another embodiment of the present invention is shown. This embodiment implements mutual authentication of the endpoints. The calling device 106 initiates the call 502 to the called device 108, but is intercepted by the AVC 104. In response, the AVC 104 sends a first authentication request 404 to the calling device 106. The first authentication request may include a controller generated random number or controller generated encryption key. The AVA 110 loaded on the calling device 106 receives the first authentication request 404, generates the calling device encrypted data 504 and sends a first authentication response 406 containing the calling device encrypted data 504 to the AVC 104. As previously described, the calling device encrypted data 504 can be generated using the caller identification (e.g., calling number), the called number, the called device generated encryption key, the controller generated encryption key, the shared secret encryption key, etc. or a combination thereof. The first authentication response 208 may include a calling device generated encryption key or a calling device random number in addition to the calling device encrypted data 504. The AVC 104 extracts the caller identification and the called number from the encrypted data 206 using the shared secret encryption key and determines whether the extracted caller identification and the extracted called number are valid (collectively 408). The call is terminated 412 whenever the calling device 106 AVA 110 is not valid.
  • The AVC 104 generates a controller device encrypted data 702 whenever the extracted caller identification and the extracted called number are valid. The controller device encrypted data can be generated using the caller identification (e.g., calling number), the called number, the called device generated encryption key, the controller generated encryption key, the shared secret encryption key, etc. or a combination thereof. The AVC 104 sends a second authorization request 602 to the calling device 106 AVA 110. The calling device 106 AVA 110 extracts the data and verifies the controller 104 or called device 108 (collectively 704) and sends a second authorization response 604 to the AVC 104. The AVC 104 terminates the call 412 whenever the second authentication response 604 indicates failure. The AVC 104 transfers the call 312 to the called party or called device 108 whenever the second authentication response 604 indicates success. The called device or called party 108 then can accept (answer) or deny (do not answer) or transfer (e.g., voicemail) the call 506. It is possible for the AVA 110 to initiate the authentication. In that case, the same algorithm works except that the roles are reversed.
  • For example, the requests and response may include the following information:
  •
    First authorization request 404 = Server_Random
    where Server_Random is ‘n’ Pseudo Random digits generated on AVC 104
    where the value of ‘n’ depends on the setup time desired.
    First authorization response 406 = Client_Random + Client_Auth_Data
    where Client Random is Pseudo Random digits generated on the phone where the
    value of ‘n’ depends on the setup time desired, and
    Client_Auth_Data is First ‘m’ digits of HMAC_MD5(Shared_Secret,
    Caller_Number + Called_Number [+ IMEI] + Client Random +
    Server_Random) where the value of ‘m’ depends on the setup time. IMEI
    is added in case of Smart phones.
    Second authorization request 602 = Server_Auth_Data or Auth_Failure
    where Server_Auth_Data is First ‘m’ digits of HMAC_MD5(Shared_Secret,
    Called_Number + Caller_Number + Server_Random + Client_Random)
    where the value of ‘m’ depends on the setup time desired. IMEI/MIN is
    added in case of Smart phones, and
    Auth_Failure is Call be terminated.
    Second authorization response 604 = Auth_Success or Auth_Failure
    where Auth_Success: Call will be transferred.
  • Now referring to FIG. 8, a flow chart depicting a registration process 800 for a user in accordance with another embodiment of the present invention is shown. When a user registers his/her voice or the calling device 106 or 112 for the first time, the user preferably goes through a validation process which requires a voice prompt to be recorded on the AVC 104. During registration, the user will be authenticated using standard procedures (such as calling from home phone number or teller assisted procedures). Once the user is authenticated, the user will be prompted to record his voice. The user will be educated to expect this message whenever he/she logs in to access his account over telephone. The voice prompt serves two purposes one it helps to validate biometrics and the second it validates the AVC 104. More specifically, after the user initiates the registration process 800, the user of a calling device 106 or 112 is prompted to speak a message in block 802. The spoken message is recorded and stored in block 802. A biometric template based on the user's voice is then created and stored for the user in block 806. The registration process 800 may also include periodically changing the stored message by prompting the calling party or user to speak a new message, and recording the new message and replacing the message with the new message. Note that the stored message should not be played to the calling party or user until the calling party or user is authenticated. As a result, the present invention prevents caller ID spoofing, man-in-the-middle attacks, record and replay attacks, called party impersonation, or a combination thereof.
  • When the user makes a call to the bank or financial entity, the resident AVC 104 first terminates the call and calls back the user. This procedure prevents Caller ID spoofing if any. Once the user answers the call the AVC 104 requests the user to speak a randomly generated phrase and sequence of dialed digits. When the phrase is repeated by the user, the AVC 104 validates biometrics, content of the phrase, and the sequence of dialed digits against the called party number. This prevents man-in-the-middle and record and replay attacks. Once this validation is complete, the AVC 104 plays the prompt recorded by the user during registration process. The user now should validate the prompt before proceeding further with the call to divulge any important information. This step prevents any called party impersonation. The prompt could change frequently to prevent any replay attacks. Just like the case with email phishing, this algorithm requires certain modifications to user behavior when making calls related to financial matter or other important matters. The users voice recorded on the Bank's server will be refreshed to avoid any recording and replay through foul play. This algorithm ensures that the media recorded on the server is not played before the user is authenticated. Authentication on traditional phones relies on user voice recognition. Users are authenticated using voice biometric systems. The user authenticates the bank by hearing his/her own voice that was recorded by him/her during registration. The user will be prompted to refresh this recording periodically.
  • Referring now to FIG. 9, a flow chart depicting a method 900 for authenticating a user of a calling device 112 in accordance with another embodiment of the present invention is shown. Note that this method can also be used with a calling device 106. The AVC 104 receives a call from the calling device 112 via the communications interface in block 402 and terminates the call in block 412. Thereafter, the AVC 104 initiates a new call to the calling device 112 via the communications interface in block 902. The AVC 104 then prompts the user of the calling device 112 to speak one or more words and depress one or more keys on the calling device in block 904, and receives the spoken words and one or more signals associated with the depressed keys via the communication interface in block 906. The AVC 104 authenticates the user of the calling device 112 by comparing one or more biometric parameters of the received spoken words with a stored voice biometric template for the calling device 112, the received spoken words with the prompted words and the received signals with the signals associated with the prompted keys in block 908. If the comparison is not successful, as determined in decision block 910, the new call is terminated in block 912. If, however, the comparison is successfully, as determined in decision block 910, the AVC 104 transfers the new call to the called device or called party 108 in block 914. Note that this method can be implemented on a computer readable medium wherein the steps are performed by one or more code segments.
  • Now referring to FIG. 10, a signaling diagram 1000 depicting an authentication of a user of a calling device 112 in accordance with another embodiment of the present invention is shown. The user or calling party initiates a call 502 to the called device or called party 108 using a traditional calling device 112. The AVC 104 terminates the call 412 and initiates a new call 902 to the traditional calling device 112. Note that the AVC 104 may provide a notification to the traditional calling device 112 that the authentication process will begin following the termination of the current call 412. The traditional calling device 112 accepts the call 1002 and the user of the calling device 112 is prompted 904 to speak one or more words and depress one or more keys on a calling device. The one or more words and the one or more keys can be randomly generated by the AVC 104. The one or more keys can be selected from one or more digits of a telephone number of the called party, and the one or more keys can be selected from the 0-9, * and # keys. The spoken words and one or more signals associated with the depressed keys are received 906 by the AVC 104. One or more biometric parameters of the received spoken words are compared 908 with a stored voice biometric template for the user or calling party, the received spoken words are compared with the prompted words and the received signals are compared with the signals associated with the prompted keys. The new call is terminated 912 if the comparison fails. In addition, one or more notifications can be logged or sent to the called device or called party 108 whenever the user or calling party is not authenticated. The new call is transferred 914 to a called party whenever the user or calling party is authenticated as a result of the comparison 908. The called device or called party 108 then can accept (answer) or deny (do not answer) or transfer (e.g., voicemail) the new call 1004.
  • Referring now to FIG. 11, a flow chart depicting a method 1100 for authenticating a user of a calling device 112 in accordance with another embodiment of the present invention is shown. Note that this method can also be used with a calling device 106. The AVC 104 receives a call from the calling device 112 via the communications interface in block 402 and terminates the call in block 412. Thereafter, the AVC 104 initiates a new call to the calling device 112 via the communications interface in block 902. The AVC 104 then prompts the user of the calling device 112 to speak one or more words and depress one or more keys on the calling device in block 904, and receives the spoken words and one or more signals associated with the depressed keys via the communication interface in block 906. The AVC 104 authenticates the user of the calling device 112 by comparing one or more biometric parameters of the received spoken words with a stored voice biometric template for the calling device 112, the received spoken words with the prompted words and the received signals with the signals associated with the prompted keys in block 908. If the comparison is not successful, as determined in decision block 910, the new call is terminated in block 912. If, however, the comparison is successfully, as determined in decision block 910, the AVC 104 plays a stored message to the user of the calling device 112 to authenticate the called party or called device 108 in block 1102 and transfers the new call to the called device or called party 108 in block 914. Note that this method can be implemented on a computer readable medium wherein the steps are performed by one or more code segments.
  • Now referring to FIG. 12, a signaling diagram 1200 depicting an authentication of a user of a calling device 112 in accordance with another embodiment of the present invention is shown. The user of the calling device 112 initiates a call 502 to the called device or called party 108 using a traditional calling device 112. The AVC 104 terminates the call 412 and initiates a new call 902 to the traditional calling device 112. Note that the AVC 104 may provide a notification to the traditional calling device 112 that the authentication process will begin following the termination of the current call 412. The traditional calling device 112 accepts the call 1102 and the user of the calling device 112 is prompted 904 to speak one or more words and depress one or more keys on a calling device. The one or more words and the one or more keys can be randomly generated by the AVC 104. The one or more keys can be selected from one or more digits of a telephone number of the called party, and the one or more keys can be selected from the 0-9, * and # keys. The spoken words and one or more signals associated with the depressed keys are received 906 by the AVC 104. One or more biometric parameters of the received spoken words are compared 908 with a stored voice biometric template for the user or calling party, the received spoken words are compared with the prompted words and the received signals are compared with the signals associated with the prompted keys. The new call is terminated 912 if the comparison fails. In addition, one or more notifications can be logged or sent to the called device called party 108 whenever the user or calling party is not authenticated. A stored message is played 1102 to the user or calling party to authenticate the called party or called device 108 if the comparison 908 is successful. The stored message was previously recorded by the user or calling party during the registration process 800. The new call is then transferred 914 to the called device or called party 108 and the called device or called party 108 then accepts (answer) or denies (do not answer) or transfers (e.g., voicemail) the new call 1004.
  • It will be understood by those of skill in the art that information and signals may be represented using any of a variety of different technologies and techniques (e.g., data, instructions, commands, information, signals, bits, symbols, and chips may be represented by voltages, currents, electromagnetic waves, magnetic fields or particles, optical fields or particles, or any combination thereof). Likewise, the various illustrative logical blocks, modules, circuits, and algorithm steps described herein may be implemented as electronic hardware, computer software, or combinations of both, depending on the application and functionality. Moreover, the various logical blocks, modules, and circuits described herein may be implemented or performed with a general purpose processor (e.g., microprocessor, conventional processor, controller, microcontroller, state machine or combination of computing devices), a digital signal processor (“DSP”), an application specific integrated circuit (“ASIC”), a field programmable gate array (“FPGA”) or other programmable logic device, discrete gate or transistor logic, discrete hardware components, or any combination thereof designed to perform the functions described herein. Similarly, steps of a method or process described herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in RAM memory, flash memory, ROM memory, EPROM memory, EEPROM memory, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art. Although preferred embodiments of the present invention have been described in detail, it will be understood by those skilled in the art that various modifications can be made therein without departing from the spirit and scope of the invention as set forth in the appended claims.

Claims (20)

1. A method for authenticating a calling device comprising the steps of:
receiving a call from the calling device;
sending a first authentication request to the calling device;
receiving a first authentication response from the calling device, wherein the first authentication response comprises a calling device encrypted data generated by the calling device using a caller identification, a called number and a shared secret encryption key;
extracting the caller identification and the called number from the encrypted data using the shared secret encryption key;
determining whether the extracted caller identification and the extracted called number are valid; and
transferring the call to a called device whenever the extracted caller identification and the extracted called number are valid.
2. The method as recited in claim 1, wherein:
the first authentication request includes a controller generated encryption key;
the first authentication response includes a calling device generated encryption key and the calling device encrypted data; and
wherein the calling device encrypted data is generated using the caller identification, the calling number, the called number, the called device generated encryption key, the caller device generated encryption key and the shared secret encryption key.
3. The method as recited in claim 1, wherein the step of transferring the call to the called device whenever the extracted caller identification and the extracted called number are valid comprises the steps of:
sending a second authentication request to the calling device, wherein the second authentication request comprises a controller device encrypted data generated by a controller using the calling number, the called number, the called device generated encryption key, the caller device generated encryption key and the shared secret encryption key;
receiving a second authentication response from the calling device;
transferring the call to the called device whenever the second authentication response indicates success; and
terminating the call whenever the second authentication response indicates failure.
4. The method as recited in claim 1, further comprising the steps of:
registering the calling device; and
creating the shared secret encryption key.
5. The method as recited in claim 1, wherein the messages are exchanged using in-band communication channels, out-of-band communication channels, or a combination thereof.
6. An apparatus for authenticating a calling device comprising:
a communications interface; and
a processor communicably coupled to the communications interface, wherein the processor (a) receives a call from the calling device, (b) sends a first authentication request to the calling device, (c) receives a first authentication response from the calling device, wherein the first authentication response comprises a calling device encrypted data generated by the calling device using a caller identification, a called number and a shared secret encryption key, (d) extracts the caller identification and the called number from the encrypted data using the shared secret encryption key, (e) determines whether the extracted caller identification and the extracted called number are valid, and (f) transfers the call to a called device whenever the extracted caller identification and the extracted called number are valid.
7. A system for authenticating a calling device comprising:
a communications network communicably coupled to the calling device;
a controller communicably coupled to the communications network wherein the controller comprises a communications interface communicably coupled to the communications network and a processor communicably coupled to the communications interface, and wherein the processor (a) receives a call from the calling device, (b) sends a first authentication request to the calling device, (c) receives a first authentication response from the calling device, wherein the first authentication response comprises a calling device encrypted data generated by the calling device using a caller identification, a called number and a shared secret encryption key, (d) extracts the caller identification and the called number from the encrypted data using the shared secret encryption key, (e) determines whether the extracted caller identification and the extracted called number are valid, and (f) transfers the call to a called device whenever the extracted caller identification and the extracted called number are valid; and
wherein the calling device (a) initiates the call, (b) receives the first authentication request, (c) generates the calling device encrypted data, and (d) sends the first authentication response.
8. The system as recited in claim 7, wherein the calling device further comprises an anti-vishing agent.
9. A method for authenticating a user of a calling device comprising the steps of:
receiving a call from the calling device;
terminating the call;
placing a new call to the calling device;
prompting the user to speak one or more words and depress one or more keys on the calling device;
receiving the spoken words and one or more signals associated with the depressed keys;
comparing one or more biometric parameters of the received spoken words with a stored voice biometric template for the user, the received spoken words with the prompted words and the received signals with the signals associated with the prompted keys; and
transferring the new call to a called device whenever the user is authenticated as a result of the comparison.
10. The method as recited in claim 9, further comprising the step of providing a notification to the calling device prior to terminating the call.
11. The method as recited in claim 9, further comprising the step of playing a stored message to the user to authenticate the called device, wherein the stored message was previously recorded by the user during a registration process.
12. The method as recited in claim 11, wherein the registration process comprises the steps of:
prompting the user to speak a message;
recording and storing the message; and
creating and storing the voice biometric template based on the user's voice.
13. The method as recited in claim 11, wherein the registration process comprises the step of periodically changing the stored message by prompting the user to speak a new message, recording the new message, and replacing the stored message with the new message.
14. The method as recited in claim 11, wherein the stored message is not played to the user until the user is authenticated.
15. The method as recited in claim 9, further comprising the steps of:
terminating the new call whenever the user is not authenticated; or
providing one or more notifications to the called device whenever the user is not authenticated.
16. The method as recited in claim 9, wherein the authentication method prevents caller ID spoofing, man-in-the-middle attacks, record and replay attacks, called device impersonation, or a combination thereof.
17. The method as recited in claim 9, wherein:
the one or more words and the one or more keys are randomly generated;
the one or more keys are selected from one or more digits of a telephone number of the called device; or
the one or more keys are selected from the 0-9, * and # keys.
18. The method as recited in claim 9, wherein:
the authentication method is an automated process executed by a controller operated by the called device, a network provider, a service provider, a facility provider or a call center;
the controller comprises a computer, a server, a switch, a PBX, or a gateway; and
the calling device comprises a phone, a computer, a PDA or other communications device.
19. An apparatus for authenticating a user of a calling device comprising:
a communications interface; and
a processor communicably coupled to the communications interface, wherein the processor (a) receives a call from the calling device via the communications interface, (b) terminates the call, (c) places a new call to the calling device via the communications interface, (d) prompts the user to speak one or more words and depress one or more keys on the calling device, (e) receives the spoken words and one or more signals associated with the depressed keys via the communication interface, (f) authenticates the user by comparing one or more biometric parameters of the received spoken words with a stored voice biometric template for the user, the received spoken words with the prompted words and the received signals with the signals associated with the prompted keys, and (g) transfers the new call to a called device whenever the user is authenticated.
20. A system for authenticating a user of a calling device comprising:
a communications network communicably coupled to the calling device;
a controller communicably coupled to the communications network wherein the controller comprises a communications interface communicably coupled to the communications network and a processor communicably coupled to the communications interface; and
wherein the processor (a) receives a call from the calling device via the communications interface, (b) terminates the call, (c) places a new call to the calling device via the communications interface, (d) prompts the user to speak one or more words and depress one or more keys on the calling device, (e) receives the spoken words and one or more signals associated with the depressed keys via the communication interface, (f) authenticates the user by comparing one or more biometric parameters of the received spoken words with a stored voice biometric template for the user, the received spoken words with the prompted words and the received signals with the signals associated with the prompted keys, and (g) transfers the new call to a called device whenever the user is authenticated.
US12/366,630 2008-02-05 2009-02-05 System, method and apparatus for authenticating calls Expired - Fee Related US9197746B2 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
US12/366,630 US9197746B2 (en) 2008-02-05 2009-02-05 System, method and apparatus for authenticating calls
US14/594,973 US9961197B2 (en) 2008-02-05 2015-01-12 System, method and apparatus for authenticating calls

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US2647008P 2008-02-05 2008-02-05
US12/366,630 US9197746B2 (en) 2008-02-05 2009-02-05 System, method and apparatus for authenticating calls

Related Child Applications (1)

Application Number Title Priority Date Filing Date
US14/594,973 Division US9961197B2 (en) 2008-02-05 2015-01-12 System, method and apparatus for authenticating calls

Publications (2)

Publication Number Publication Date
US20090217039A1 true US20090217039A1 (en) 2009-08-27
US9197746B2 US9197746B2 (en) 2015-11-24

Family

ID=40999500

Family Applications (2)

Application Number Title Priority Date Filing Date
US12/366,630 Expired - Fee Related US9197746B2 (en) 2008-02-05 2009-02-05 System, method and apparatus for authenticating calls
US14/594,973 Active 2029-05-19 US9961197B2 (en) 2008-02-05 2015-01-12 System, method and apparatus for authenticating calls

Family Applications After (1)

Application Number Title Priority Date Filing Date
US14/594,973 Active 2029-05-19 US9961197B2 (en) 2008-02-05 2015-01-12 System, method and apparatus for authenticating calls

Country Status (1)

Country Link
US (2) US9197746B2 (en)

Cited By (31)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20110211572A1 (en) * 2010-03-01 2011-09-01 International Business Machines Corporation Caller id callback authenticationi for voice over internet protocol ("voip") deployments
US20110246770A1 (en) * 2008-03-14 2011-10-06 Centre National De La Recherche Scientifique (C.N.R.S.) Authentication method, authentication system, server terminal, client terminal and computer programs therefor
WO2011132091A1 (en) * 2010-04-22 2011-10-27 Mediafon, Uab A telecommunication system and a method for fulfillment of repetitive orders and detection of telecommunication pirates
WO2011162972A1 (en) * 2010-06-23 2011-12-29 Nvoq Incorporated Apparatuses and methods to obtain information without disclosing the information to an agent and without recording the information
US8135119B1 (en) * 2008-11-04 2012-03-13 Trend Micro Incorporated Techniques for protecting telephone users from caller ID spoofing attacks
US20120100832A1 (en) * 2010-10-22 2012-04-26 Quallcomm Incorporated Authentication of access terminal identities in roaming networks
US20150003297A1 (en) * 2013-06-28 2015-01-01 Cable Television Laboratories, Inc. Caller-id for redirected calls from sip-pbx
US20150030156A1 (en) * 2013-07-29 2015-01-29 Verizon Patent And Licensing Inc. Multi-factor caller identification
WO2015103100A1 (en) * 2014-01-02 2015-07-09 Chen, Chung-Chin Authentication method and system for screening network caller id spoofs and malicious phone calls
US20160021244A1 (en) * 2014-07-21 2016-01-21 Xiaomi Inc. Method and device for identifying telephone call
WO2016095473A1 (en) * 2014-12-17 2016-06-23 中兴通讯股份有限公司 Security call method, terminal and system, and computer storage medium
US20160330315A1 (en) * 2012-10-21 2016-11-10 Verint Systems Ltd. System and method for user-privacy-aware communication monitoring and analysis
US9578498B2 (en) 2010-03-16 2017-02-21 Qualcomm Incorporated Facilitating authentication of access terminal identity
US9668128B2 (en) 2011-03-09 2017-05-30 Qualcomm Incorporated Method for authentication of a remote station using a secure element
US20170164194A1 (en) * 2014-06-26 2017-06-08 Nokia Solutions And Networks Oy Offloading of a wireless node authentication with core network
WO2017143304A1 (en) * 2016-02-19 2017-08-24 Tata Communications (America) Inc. System and method for authentication with missed calls
US20180249005A1 (en) * 2017-02-28 2018-08-30 At&T Intellectual Property I, L.P. System and method for identifying, authenticating, and processing an automated call
CN111092905A (en) * 2019-12-27 2020-05-01 郑州信大捷安信息技术股份有限公司 VOIP-based encrypted call method and system
US10681206B1 (en) 2018-12-05 2020-06-09 At&T Intellectual Property I, L.P. Detecting a spoofed call
US20200195776A1 (en) * 2018-12-18 2020-06-18 Wells Fargo Bank, N.A. Caller identification trust
US10764043B2 (en) * 2017-04-05 2020-09-01 University Of Florida Research Foundation, Incorporated Identity and content authentication for phone calls
US10785314B2 (en) * 2019-02-15 2020-09-22 Capital One Services, Llc Arrangements for detecting bi-directional artificial intelligence (AI) voice communications and negotiating direct digital communications
WO2020190788A1 (en) * 2019-03-18 2020-09-24 Capital One Services, Llc System and method for pre-authentication of customer support calls
US10805083B1 (en) 2019-09-04 2020-10-13 Capital One Services, Llc Systems and methods for authenticated communication sessions
US10819851B2 (en) 2017-02-28 2020-10-27 At&T Intellectual Property I, L.P. System and method for processing an automated call based on preferences and conditions
US10893140B2 (en) * 2015-12-31 2021-01-12 Telefonaktiebolaget Lm Ericsson (Publ) Method, system and device for an enhanced call setup with verification of a user equipment in a telecommunications network
US11122082B2 (en) 2019-03-18 2021-09-14 Capital One Services, Llc System and method for second factor authentication of customer support calls
US11412085B2 (en) 2019-03-28 2022-08-09 British Telecommunications Public Limited Company Spoof call detection in telephone network
US20230156120A1 (en) * 2019-09-30 2023-05-18 Ringcentral, Inc. System and method of caller verification
CN117041424A (en) * 2023-08-30 2023-11-10 中移互联网有限公司 Method, device, system, equipment and storage medium for displaying calling information
US12028375B2 (en) 2021-12-10 2024-07-02 Bank Of America Corporation Detecting and protecting against employee targeted phishing attacks

Families Citing this family (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9197746B2 (en) 2008-02-05 2015-11-24 Avaya Inc. System, method and apparatus for authenticating calls
US9762728B1 (en) 2016-12-02 2017-09-12 TrustID, Inc. Using calling party number for caller authentication
US10389529B2 (en) * 2017-06-27 2019-08-20 Uniken, Inc. Entropy-based authentication of mobile financial transaction
CN110121010B (en) * 2019-05-13 2020-05-15 重庆天蓬网络有限公司 One-key outbound realization method, terminal, medium and electronic equipment
CN112243067B (en) * 2019-07-16 2021-09-10 中国移动通信集团浙江有限公司 Anti-set dialing method, system, server and storage medium
US11537661B2 (en) 2020-10-02 2022-12-27 PolyAI Limited Systems and methods for conversing with a user
US12126763B2 (en) 2020-11-06 2024-10-22 Sevis Systems, Llc System and method for enabling trusted caller identity and spoofed call prevention
US11330098B1 (en) 2020-11-06 2022-05-10 Sevis Systems, Llc System and method for enabling trusted caller identity and spoofed call prevention
US11856037B2 (en) * 2021-01-27 2023-12-26 Zoom Video Communications, Inc. Multi-factor authentication for audio meeting participants
CN117501680A (en) * 2021-03-11 2024-02-02 坦迪西韦·埃兹文尼勒苏·帕玛 Voice fishing defending method and system
US11729313B2 (en) 2021-05-17 2023-08-15 T-Mobile Usa, Inc. Spoofed telephone call identifier

Citations (46)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4371752A (en) * 1979-11-26 1983-02-01 Ecs Telecommunications, Inc. Electronic audio communication system
US5289542A (en) * 1991-03-04 1994-02-22 At&T Bell Laboratories Caller identification system with encryption
US5581610A (en) * 1994-10-19 1996-12-03 Bellsouth Corporation Method for network traffic regulation and management at a mediated access service control point in an open advanced intelligent network environment
US6137782A (en) * 1998-07-21 2000-10-24 Sharon; Azulai Automatic network traffic analysis
US6324271B1 (en) * 1999-08-17 2001-11-27 Nortel Networks Limited System and method for authentication of caller identification
US6363065B1 (en) * 1999-11-10 2002-03-26 Quintum Technologies, Inc. okApparatus for a voice over IP (voIP) telephony gateway and methods for use therein
US20020129236A1 (en) * 2000-12-29 2002-09-12 Mikko Nuutinen VoIP terminal security module, SIP stack with security manager, system and security methods
US20030009699A1 (en) * 2001-06-13 2003-01-09 Gupta Ramesh M. Method and apparatus for detecting intrusions on a computer system
US20030070069A1 (en) * 2001-10-10 2003-04-10 Abhijit Belapurkar Authentication module for an enterprise access management system
US6598183B1 (en) * 2000-01-04 2003-07-22 Cisco Systems, Inc. Software tool for automated diagnosis and resolution of problems of voice, data and VoIP communications networks
US20040042470A1 (en) * 2000-06-16 2004-03-04 Geoffrey Cooper Method and apparatus for rate limiting
US20040083229A1 (en) * 2001-09-04 2004-04-29 Porter Robert Austin Apparatus and method for automatically grading and inputting grades to electronic gradebooks
US20040086093A1 (en) * 2002-10-29 2004-05-06 Schranz Paul Steven VoIP security monitoring & alarm system
US6757823B1 (en) * 1999-07-27 2004-06-29 Nortel Networks Limited System and method for enabling secure connections for H.323 VoIP calls
US6769016B2 (en) * 2001-07-26 2004-07-27 Networks Associates Technology, Inc. Intelligent SPAM detection system using an updateable neural analysis engine
US20040161086A1 (en) * 1998-12-11 2004-08-19 Securelogix Corporation Telephony security system
US6781955B2 (en) * 2000-12-29 2004-08-24 Ericsson Inc. Calling service of a VoIP device in a VLAN environment
US6789193B1 (en) * 2000-10-27 2004-09-07 Pitney Bowes Inc. Method and system for authenticating a network user
US20040176069A1 (en) * 1992-03-24 2004-09-09 Boatwright John T. Call security system
US20040260560A1 (en) * 2003-04-09 2004-12-23 Holloway J. Michael VoIP security intelligence systems and methods
US6842449B2 (en) * 2002-07-09 2005-01-11 Verisign, Inc. Method and system for registering and automatically retrieving digital-certificates in voice over internet protocol (VOIP) communications
US20050015488A1 (en) * 2003-05-30 2005-01-20 Pavan Bayyapu Selectively managing data conveyance between computing devices
US20050044363A1 (en) * 2003-08-21 2005-02-24 Zimmer Vincent J. Trusted remote firmware interface
US20050043014A1 (en) * 2002-08-08 2005-02-24 Hodge Stephen L. Telecommunication call management and monitoring system with voiceprint verification
US20050084087A1 (en) * 2001-02-27 2005-04-21 Mahesh Rajagopalan Methods and systems for CPN triggered collaboration
US20050132060A1 (en) * 2003-12-15 2005-06-16 Richard Mo Systems and methods for preventing spam and denial of service attacks in messaging, packet multimedia, and other networks
US20050193201A1 (en) * 2004-02-26 2005-09-01 Mahfuzur Rahman Accessing and controlling an electronic device using session initiation protocol
US20050201363A1 (en) * 2004-02-25 2005-09-15 Rod Gilchrist Method and apparatus for controlling unsolicited messaging in real time messaging networks
US20050249214A1 (en) * 2004-05-07 2005-11-10 Tao Peng System and process for managing network traffic
US20050259667A1 (en) * 2004-05-21 2005-11-24 Alcatel Detection and mitigation of unwanted bulk calls (spam) in VoIP networks
US20060028980A1 (en) * 2004-08-06 2006-02-09 Wright Steven Allan Methods, systems, and computer program products for managing admission control in a regional/access network based on user preferences
US20060034727A1 (en) * 2004-08-13 2006-02-16 Alps Electric Co., Ltd. Test plate and test method using the same
US7113577B2 (en) * 2003-10-17 2006-09-26 Sprint Communications Company L.P. Caller identification employing a digital content set
US20060233160A1 (en) * 2005-04-13 2006-10-19 Nec Corporation Call system, proxy dial server apparatus and proxy dial method for use therewith, and program thereof
US7181010B2 (en) * 2002-05-24 2007-02-20 Scientific-Atlanta, Inc. Apparatus for entitling remote client devices
US20070076853A1 (en) * 2004-08-13 2007-04-05 Sipera Systems, Inc. System, method and apparatus for classifying communications in a communications system
US20070083918A1 (en) * 2005-10-11 2007-04-12 Cisco Technology, Inc. Validation of call-out services transmitted over a public switched telephone network
US20070121596A1 (en) * 2005-08-09 2007-05-31 Sipera Systems, Inc. System and method for providing network level and nodal level vulnerability protection in VoIP networks
US7239688B1 (en) * 2004-04-23 2007-07-03 At&T Corp. Method, architectures and technique for authentication of telephone calls
US20070204060A1 (en) * 2005-05-20 2007-08-30 Hidemitsu Higuchi Network control apparatus and network control method
US20080016334A1 (en) * 2006-07-12 2008-01-17 Sipera Systems, Inc. System, Method and Apparatus for Securely Exchanging Security Keys and Monitoring Links in a IP Communications Network
US20080016515A1 (en) * 2006-07-12 2008-01-17 Sipera Systems, Inc. System, Method and Apparatus for Troubleshooting an IP Network
US20080086646A1 (en) * 2006-10-05 2008-04-10 Ceelox, Inc. System and method of secure encryption for electronic data transfer
US20080137828A1 (en) * 2006-12-12 2008-06-12 Mazen Chmaytelli Systems and methods for caller identification customization and remote management of communication devices
US7693269B2 (en) * 2004-12-06 2010-04-06 Electronics And Telecommunications Research Institute Caller identification method, and billing system and method using the same in internet telephony
US20100197293A1 (en) * 2007-09-20 2010-08-05 A.D.V. Communications Ltd. Remote computer access authentication using a mobile device

Family Cites Families (25)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5583933A (en) * 1994-08-05 1996-12-10 Mark; Andrew R. Method and apparatus for the secure communication of data
US6522879B2 (en) * 1996-02-16 2003-02-18 Lucent Technologies Inc. Two-way telephone and two-way paging service on the same wireless infrastructure
US5937381A (en) * 1996-04-10 1999-08-10 Itt Defense, Inc. System for voice verification of telephone transactions
US7444407B2 (en) * 2000-06-29 2008-10-28 Transnexus, Inc. Intelligent end user devices for clearinghouse services in an internet telephony system
DE60045552D1 (en) 1999-06-30 2011-03-03 Apptitude Inc METHOD AND DEVICE TO MONITOR THE NETWORK TRANSPORT
EP1172771B1 (en) * 2000-07-14 2006-04-19 Voice.Trust Ag Process and system for authorising a commercial transaction
US6601762B2 (en) * 2001-06-15 2003-08-05 Koninklijke Philips Electronics N.V. Point-of-sale (POS) voice authentication transaction system
JP2003078652A (en) * 2001-09-04 2003-03-14 Sharp Corp Electronic mail confirmation system, electronic mail system adopting the electronic mail confirmation system, communication terminal, internet access device, and server device for electronic mail
US20040010698A1 (en) * 2002-05-30 2004-01-15 Rolfe Andrew R. Digital certificate system incorporating voice biometric processing
US7222072B2 (en) * 2003-02-13 2007-05-22 Sbc Properties, L.P. Bio-phonetic multi-phrase speaker identity verification
US7212613B2 (en) * 2003-09-18 2007-05-01 International Business Machines Corporation System and method for telephonic voice authentication
US20090094671A1 (en) 2004-08-13 2009-04-09 Sipera Systems, Inc. System, Method and Apparatus for Providing Security in an IP-Based End User Device
US7933985B2 (en) 2004-08-13 2011-04-26 Sipera Systems, Inc. System and method for detecting and preventing denial of service attacks in a communications system
US8707419B2 (en) 2006-06-29 2014-04-22 Avaya Inc. System, method and apparatus for protecting a network or device against high volume attacks
US8494504B2 (en) * 2004-12-06 2013-07-23 Callwave Communications, Llc Methods and systems for telephony processing, including location based call transfers
US8396711B2 (en) * 2006-05-01 2013-03-12 Microsoft Corporation Voice authentication system and method
US8190431B2 (en) * 2006-09-25 2012-05-29 Verizon Patent And Licensing Inc. Method and system for providing speech recognition
US9325749B2 (en) * 2007-01-31 2016-04-26 At&T Intellectual Property I, Lp Methods and apparatus to manage conference call activity with internet protocol (IP) networks
US8705720B2 (en) 2007-02-08 2014-04-22 Avaya Inc. System, method and apparatus for clientless two factor authentication in VoIP networks
US20080195395A1 (en) * 2007-02-08 2008-08-14 Jonghae Kim System and method for telephonic voice and speech authentication
US8077835B2 (en) * 2007-03-30 2011-12-13 Verizon Patent And Licensing Inc. Method and system of providing interactive speech recognition based on call routing
US9197746B2 (en) 2008-02-05 2015-11-24 Avaya Inc. System, method and apparatus for authenticating calls
US8571526B2 (en) * 2009-01-07 2013-10-29 Just Calling, Llc System and method for recording a communication
US8301117B2 (en) * 2009-12-14 2012-10-30 Research In Motion Limited Authenticating voice calls from mobile devices
US11503084B2 (en) * 2011-07-27 2022-11-15 Vonage America Inc. Systems and methods of providing communications services

Patent Citations (47)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4371752A (en) * 1979-11-26 1983-02-01 Ecs Telecommunications, Inc. Electronic audio communication system
US5289542A (en) * 1991-03-04 1994-02-22 At&T Bell Laboratories Caller identification system with encryption
US20040176069A1 (en) * 1992-03-24 2004-09-09 Boatwright John T. Call security system
US5581610A (en) * 1994-10-19 1996-12-03 Bellsouth Corporation Method for network traffic regulation and management at a mediated access service control point in an open advanced intelligent network environment
US6137782A (en) * 1998-07-21 2000-10-24 Sharon; Azulai Automatic network traffic analysis
US20040161086A1 (en) * 1998-12-11 2004-08-19 Securelogix Corporation Telephony security system
US6757823B1 (en) * 1999-07-27 2004-06-29 Nortel Networks Limited System and method for enabling secure connections for H.323 VoIP calls
US6324271B1 (en) * 1999-08-17 2001-11-27 Nortel Networks Limited System and method for authentication of caller identification
US6363065B1 (en) * 1999-11-10 2002-03-26 Quintum Technologies, Inc. okApparatus for a voice over IP (voIP) telephony gateway and methods for use therein
US6665293B2 (en) * 1999-11-10 2003-12-16 Quintum Technologies, Inc. Application for a voice over IP (VoIP) telephony gateway and methods for use therein
US6598183B1 (en) * 2000-01-04 2003-07-22 Cisco Systems, Inc. Software tool for automated diagnosis and resolution of problems of voice, data and VoIP communications networks
US20040042470A1 (en) * 2000-06-16 2004-03-04 Geoffrey Cooper Method and apparatus for rate limiting
US6789193B1 (en) * 2000-10-27 2004-09-07 Pitney Bowes Inc. Method and system for authenticating a network user
US20020129236A1 (en) * 2000-12-29 2002-09-12 Mikko Nuutinen VoIP terminal security module, SIP stack with security manager, system and security methods
US6781955B2 (en) * 2000-12-29 2004-08-24 Ericsson Inc. Calling service of a VoIP device in a VLAN environment
US20050084087A1 (en) * 2001-02-27 2005-04-21 Mahesh Rajagopalan Methods and systems for CPN triggered collaboration
US20030009699A1 (en) * 2001-06-13 2003-01-09 Gupta Ramesh M. Method and apparatus for detecting intrusions on a computer system
US6769016B2 (en) * 2001-07-26 2004-07-27 Networks Associates Technology, Inc. Intelligent SPAM detection system using an updateable neural analysis engine
US20040083229A1 (en) * 2001-09-04 2004-04-29 Porter Robert Austin Apparatus and method for automatically grading and inputting grades to electronic gradebooks
US20030070069A1 (en) * 2001-10-10 2003-04-10 Abhijit Belapurkar Authentication module for an enterprise access management system
US7181010B2 (en) * 2002-05-24 2007-02-20 Scientific-Atlanta, Inc. Apparatus for entitling remote client devices
US6842449B2 (en) * 2002-07-09 2005-01-11 Verisign, Inc. Method and system for registering and automatically retrieving digital-certificates in voice over internet protocol (VOIP) communications
US20050043014A1 (en) * 2002-08-08 2005-02-24 Hodge Stephen L. Telecommunication call management and monitoring system with voiceprint verification
US20040086093A1 (en) * 2002-10-29 2004-05-06 Schranz Paul Steven VoIP security monitoring & alarm system
US20040260560A1 (en) * 2003-04-09 2004-12-23 Holloway J. Michael VoIP security intelligence systems and methods
US20050015488A1 (en) * 2003-05-30 2005-01-20 Pavan Bayyapu Selectively managing data conveyance between computing devices
US20050044363A1 (en) * 2003-08-21 2005-02-24 Zimmer Vincent J. Trusted remote firmware interface
US7113577B2 (en) * 2003-10-17 2006-09-26 Sprint Communications Company L.P. Caller identification employing a digital content set
US20050132060A1 (en) * 2003-12-15 2005-06-16 Richard Mo Systems and methods for preventing spam and denial of service attacks in messaging, packet multimedia, and other networks
US20050201363A1 (en) * 2004-02-25 2005-09-15 Rod Gilchrist Method and apparatus for controlling unsolicited messaging in real time messaging networks
US20050193201A1 (en) * 2004-02-26 2005-09-01 Mahfuzur Rahman Accessing and controlling an electronic device using session initiation protocol
US7239688B1 (en) * 2004-04-23 2007-07-03 At&T Corp. Method, architectures and technique for authentication of telephone calls
US20050249214A1 (en) * 2004-05-07 2005-11-10 Tao Peng System and process for managing network traffic
US20050259667A1 (en) * 2004-05-21 2005-11-24 Alcatel Detection and mitigation of unwanted bulk calls (spam) in VoIP networks
US20060028980A1 (en) * 2004-08-06 2006-02-09 Wright Steven Allan Methods, systems, and computer program products for managing admission control in a regional/access network based on user preferences
US20070076853A1 (en) * 2004-08-13 2007-04-05 Sipera Systems, Inc. System, method and apparatus for classifying communications in a communications system
US20060034727A1 (en) * 2004-08-13 2006-02-16 Alps Electric Co., Ltd. Test plate and test method using the same
US7693269B2 (en) * 2004-12-06 2010-04-06 Electronics And Telecommunications Research Institute Caller identification method, and billing system and method using the same in internet telephony
US20060233160A1 (en) * 2005-04-13 2006-10-19 Nec Corporation Call system, proxy dial server apparatus and proxy dial method for use therewith, and program thereof
US20070204060A1 (en) * 2005-05-20 2007-08-30 Hidemitsu Higuchi Network control apparatus and network control method
US20070121596A1 (en) * 2005-08-09 2007-05-31 Sipera Systems, Inc. System and method for providing network level and nodal level vulnerability protection in VoIP networks
US20070083918A1 (en) * 2005-10-11 2007-04-12 Cisco Technology, Inc. Validation of call-out services transmitted over a public switched telephone network
US20080016334A1 (en) * 2006-07-12 2008-01-17 Sipera Systems, Inc. System, Method and Apparatus for Securely Exchanging Security Keys and Monitoring Links in a IP Communications Network
US20080016515A1 (en) * 2006-07-12 2008-01-17 Sipera Systems, Inc. System, Method and Apparatus for Troubleshooting an IP Network
US20080086646A1 (en) * 2006-10-05 2008-04-10 Ceelox, Inc. System and method of secure encryption for electronic data transfer
US20080137828A1 (en) * 2006-12-12 2008-06-12 Mazen Chmaytelli Systems and methods for caller identification customization and remote management of communication devices
US20100197293A1 (en) * 2007-09-20 2010-08-05 A.D.V. Communications Ltd. Remote computer access authentication using a mobile device

Cited By (52)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20110246770A1 (en) * 2008-03-14 2011-10-06 Centre National De La Recherche Scientifique (C.N.R.S.) Authentication method, authentication system, server terminal, client terminal and computer programs therefor
US8135119B1 (en) * 2008-11-04 2012-03-13 Trend Micro Incorporated Techniques for protecting telephone users from caller ID spoofing attacks
US20110211572A1 (en) * 2010-03-01 2011-09-01 International Business Machines Corporation Caller id callback authenticationi for voice over internet protocol ("voip") deployments
US9077566B2 (en) * 2010-03-01 2015-07-07 International Business Machines Corporation Caller ID callback authenticationi for voice over internet protocol (“VoIP”) deployments
US9578498B2 (en) 2010-03-16 2017-02-21 Qualcomm Incorporated Facilitating authentication of access terminal identity
WO2011132091A1 (en) * 2010-04-22 2011-10-27 Mediafon, Uab A telecommunication system and a method for fulfillment of repetitive orders and detection of telecommunication pirates
WO2011162972A1 (en) * 2010-06-23 2011-12-29 Nvoq Incorporated Apparatuses and methods to obtain information without disclosing the information to an agent and without recording the information
US20120100832A1 (en) * 2010-10-22 2012-04-26 Quallcomm Incorporated Authentication of access terminal identities in roaming networks
US9112905B2 (en) * 2010-10-22 2015-08-18 Qualcomm Incorporated Authentication of access terminal identities in roaming networks
US9668128B2 (en) 2011-03-09 2017-05-30 Qualcomm Incorporated Method for authentication of a remote station using a secure element
US20160330315A1 (en) * 2012-10-21 2016-11-10 Verint Systems Ltd. System and method for user-privacy-aware communication monitoring and analysis
US10079933B2 (en) * 2012-10-21 2018-09-18 Verint Systems Ltd. System and method for user-privacy-aware communication monitoring and analysis
US20150003297A1 (en) * 2013-06-28 2015-01-01 Cable Television Laboratories, Inc. Caller-id for redirected calls from sip-pbx
US9060002B2 (en) * 2013-06-28 2015-06-16 Cable Television Laboratories, Inc. Caller-ID for redirected calls from SIP-PBX
US9191423B2 (en) * 2013-06-28 2015-11-17 Cable Television Laboratories, Inc. Caller-ID for redirected calls from SIP-PBX
US9247427B2 (en) * 2013-07-29 2016-01-26 Verizon Patent And Licensing Inc. Multi-factor caller identification
US20150030156A1 (en) * 2013-07-29 2015-01-29 Verizon Patent And Licensing Inc. Multi-factor caller identification
WO2015103100A1 (en) * 2014-01-02 2015-07-09 Chen, Chung-Chin Authentication method and system for screening network caller id spoofs and malicious phone calls
US20170164194A1 (en) * 2014-06-26 2017-06-08 Nokia Solutions And Networks Oy Offloading of a wireless node authentication with core network
US9521251B2 (en) * 2014-07-21 2016-12-13 Xiaomi Inc. Method and device for identifying telephone call
US20160021244A1 (en) * 2014-07-21 2016-01-21 Xiaomi Inc. Method and device for identifying telephone call
WO2016095473A1 (en) * 2014-12-17 2016-06-23 中兴通讯股份有限公司 Security call method, terminal and system, and computer storage medium
US10893140B2 (en) * 2015-12-31 2021-01-12 Telefonaktiebolaget Lm Ericsson (Publ) Method, system and device for an enhanced call setup with verification of a user equipment in a telecommunications network
WO2017143304A1 (en) * 2016-02-19 2017-08-24 Tata Communications (America) Inc. System and method for authentication with missed calls
US20180249005A1 (en) * 2017-02-28 2018-08-30 At&T Intellectual Property I, L.P. System and method for identifying, authenticating, and processing an automated call
US10819851B2 (en) 2017-02-28 2020-10-27 At&T Intellectual Property I, L.P. System and method for processing an automated call based on preferences and conditions
US10764043B2 (en) * 2017-04-05 2020-09-01 University Of Florida Research Foundation, Incorporated Identity and content authentication for phone calls
US10681206B1 (en) 2018-12-05 2020-06-09 At&T Intellectual Property I, L.P. Detecting a spoofed call
US11070667B2 (en) 2018-12-05 2021-07-20 At&T Intellectual Property I, L.P. Detecting a spoofed call
US11659080B2 (en) 2018-12-05 2023-05-23 At&T Intellectual Property I, L.P. Detecting a spoofed call
US20200195776A1 (en) * 2018-12-18 2020-06-18 Wells Fargo Bank, N.A. Caller identification trust
US11902464B1 (en) 2018-12-18 2024-02-13 Wells Fargo Bank, N.A. Caller identification trust
US10992799B2 (en) * 2018-12-18 2021-04-27 Wells Fargo Bank, N.A. Caller identification trust
US11509765B1 (en) 2018-12-18 2022-11-22 Wells Fargo Bank, N.A. Caller identification trust
US11356514B2 (en) * 2019-02-15 2022-06-07 Capital One Services, Llc Arrangements for detecting bi-directional artificial intelligence (AI) voice communications and negotiating direct digital communications
US10785314B2 (en) * 2019-02-15 2020-09-22 Capital One Services, Llc Arrangements for detecting bi-directional artificial intelligence (AI) voice communications and negotiating direct digital communications
AU2020239994B2 (en) * 2019-03-18 2023-02-02 Capital One Services, Llc System and method for pre-authentication of customer support calls
US12074910B2 (en) 2019-03-18 2024-08-27 Capital One Services, Llc System and method for second factor authentication to perform services
US11082229B2 (en) 2019-03-18 2021-08-03 Capital One Services, Llc System and method for pre-authentication of customer support calls
US11122082B2 (en) 2019-03-18 2021-09-14 Capital One Services, Llc System and method for second factor authentication of customer support calls
CN113661699A (en) * 2019-03-18 2021-11-16 第一资本服务有限责任公司 System and method for pre-authentication of customer support calls
EP4280581A3 (en) * 2019-03-18 2024-01-24 Capital One Services, LLC System and method for pre-authentication of customer support calls
WO2020190788A1 (en) * 2019-03-18 2020-09-24 Capital One Services, Llc System and method for pre-authentication of customer support calls
US11412085B2 (en) 2019-03-28 2022-08-09 British Telecommunications Public Limited Company Spoof call detection in telephone network
US20220337701A1 (en) * 2019-03-28 2022-10-20 British Telecommunications Public Limited Company Spoof call detection in telephone network
US11849068B2 (en) * 2019-03-28 2023-12-19 British Telecommunications Public Limited Company Spoof call detection in telephone network
US11362828B2 (en) * 2019-09-04 2022-06-14 Capital One Services, Llc Systems and methods for authenticated communication sessions
US10805083B1 (en) 2019-09-04 2020-10-13 Capital One Services, Llc Systems and methods for authenticated communication sessions
US20230156120A1 (en) * 2019-09-30 2023-05-18 Ringcentral, Inc. System and method of caller verification
CN111092905A (en) * 2019-12-27 2020-05-01 郑州信大捷安信息技术股份有限公司 VOIP-based encrypted call method and system
US12028375B2 (en) 2021-12-10 2024-07-02 Bank Of America Corporation Detecting and protecting against employee targeted phishing attacks
CN117041424A (en) * 2023-08-30 2023-11-10 中移互联网有限公司 Method, device, system, equipment and storage medium for displaying calling information

Also Published As

Publication number Publication date
US9197746B2 (en) 2015-11-24
US20150124945A1 (en) 2015-05-07
US9961197B2 (en) 2018-05-01

Similar Documents

Publication Publication Date Title
US9961197B2 (en) System, method and apparatus for authenticating calls
US10764043B2 (en) Identity and content authentication for phone calls
US8156335B2 (en) IP address secure multi-channel authentication for online transactions
US9882723B2 (en) Method and system for authentication
US7739196B2 (en) Policy control and billing support for call transfer in a session initiation protocol (SIP) network
US8522344B2 (en) Theft of service architectural integrity validation tools for session initiation protocol (SIP)-based systems
US8503657B2 (en) System, method and apparatus for authenticating and protecting an IP user-end device
US20070220275A1 (en) WEB AUTHORIZATION BY AUTOMATED INTERACTIVE PHONE OR VoIP SESSION
US20090025075A1 (en) On-demand authentication of call session party information during a telephone call
Reaves et al. {AuthentiCall}: Efficient Identity and Content Authentication for Phone Calls
Mustafa et al. You can call but you can't hide: detecting caller id spoofing attacks
US20080181380A1 (en) Proxy for authenticated caller name
TW201014315A (en) User identity authentication method, system thereof and identifying code generating maintenance subsystem
Mustafa et al. End-to-end detection of caller ID spoofing attacks
US8635454B2 (en) Authentication systems and methods using a packet telephony device
US10893414B1 (en) Selective attestation of wireless communications
CN103166962A (en) Method for safely calling session initiation protocol (SIP) terminal based on bound number authentication mechanism
US9686270B2 (en) Authentication systems and methods using a packet telephony device
Du et al. {UCBlocker}: Unwanted call blocking using anonymous authentication
Sheoran et al. NASCENT: Tackling caller-ID spoofing in 4G networks via efficient network-assisted validation
Tas et al. Blockchain-Based Caller-ID Authentication (BBCA): A Novel Solution to Prevent Spoofing Attacks in VoIP/SIP Networks
Wang et al. Voice pharming attack and the trust of VoIP
US20140359733A1 (en) Authentication System and Method for Authenticating IP Communications Clients at a Central Device
CN101087326B (en) A communication terminal registration method and system
JP2000209284A (en) Device and method for authentication

Legal Events

Date Code Title Description
AS Assignment

Owner name: SIPERA SYSTEMS, INC., TEXAS

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:KURAPATI, SRIKRISHNA;MOHAN, RAJESH;SADHASIVAM, KARTHIKEYAN;AND OTHERS;REEL/FRAME:022465/0082;SIGNING DATES FROM 20080507 TO 20080514

Owner name: SIPERA SYSTEMS, INC., TEXAS

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:KURAPATI, SRIKRISHNA;MOHAN, RAJESH;SADHASIVAM, KARTHIKEYAN;AND OTHERS;SIGNING DATES FROM 20080507 TO 20080514;REEL/FRAME:022465/0082

AS Assignment

Owner name: COMERICA BANK, CALIFORNIA

Free format text: SECURITY AGREEMENT;ASSIGNOR:SIPERA SYSTEMS, INC.;REEL/FRAME:025243/0742

Effective date: 20061220

AS Assignment

Owner name: SILICON VALLEY BANK, TEXAS

Free format text: SECURITY AGREEMENT;ASSIGNOR:SIPERA SYSTEMS, INC.;REEL/FRAME:025694/0699

Effective date: 20110118

AS Assignment

Owner name: SIPERA SYSTEMS, INC., TEXAS

Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:COMERICA BANK;REEL/FRAME:025901/0892

Effective date: 20110302

AS Assignment

Owner name: SIPERA SYSTEMS, INC., TEXAS

Free format text: RELEASE;ASSIGNOR:SILICON VALLEY BANK;REEL/FRAME:027120/0119

Effective date: 20111020

AS Assignment

Owner name: AVAYA INC., NEW JERSEY

Free format text: MERGER;ASSIGNOR:SIPERA SYSTEMS, INC.;REEL/FRAME:027138/0920

Effective date: 20111003

ZAAA Notice of allowance and fees due

Free format text: ORIGINAL CODE: NOA

ZAAB Notice of allowance mailed

Free format text: ORIGINAL CODE: MN/=.

FEPP Fee payment procedure

Free format text: PAYOR NUMBER ASSIGNED (ORIGINAL EVENT CODE: ASPN); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

ZAAA Notice of allowance and fees due

Free format text: ORIGINAL CODE: NOA

ZAAB Notice of allowance mailed

Free format text: ORIGINAL CODE: MN/=.

FEPP Fee payment procedure

Free format text: PAYER NUMBER DE-ASSIGNED (ORIGINAL EVENT CODE: RMPN); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

Free format text: PAYOR NUMBER ASSIGNED (ORIGINAL EVENT CODE: ASPN); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

STCF Information on status: patent grant

Free format text: PATENTED CASE

CC Certificate of correction
AS Assignment

Owner name: CITIBANK, N.A., AS ADMINISTRATIVE AGENT, NEW YORK

Free format text: SECURITY INTEREST;ASSIGNORS:AVAYA INC.;AVAYA INTEGRATED CABINET SOLUTIONS INC.;OCTEL COMMUNICATIONS CORPORATION;AND OTHERS;REEL/FRAME:041576/0001

Effective date: 20170124

AS Assignment

Owner name: OCTEL COMMUNICATIONS LLC (FORMERLY KNOWN AS OCTEL COMMUNICATIONS CORPORATION), CALIFORNIA

Free format text: BANKRUPTCY COURT ORDER RELEASING ALL LIENS INCLUDING THE SECURITY INTEREST RECORDED AT REEL/FRAME 041576/0001;ASSIGNOR:CITIBANK, N.A.;REEL/FRAME:044893/0531

Effective date: 20171128

Owner name: AVAYA INTEGRATED CABINET SOLUTIONS INC., CALIFORNIA

Free format text: BANKRUPTCY COURT ORDER RELEASING ALL LIENS INCLUDING THE SECURITY INTEREST RECORDED AT REEL/FRAME 041576/0001;ASSIGNOR:CITIBANK, N.A.;REEL/FRAME:044893/0531

Effective date: 20171128

Owner name: AVAYA INTEGRATED CABINET SOLUTIONS INC., CALIFORNI

Free format text: BANKRUPTCY COURT ORDER RELEASING ALL LIENS INCLUDING THE SECURITY INTEREST RECORDED AT REEL/FRAME 041576/0001;ASSIGNOR:CITIBANK, N.A.;REEL/FRAME:044893/0531

Effective date: 20171128

Owner name: VPNET TECHNOLOGIES, INC., CALIFORNIA

Free format text: BANKRUPTCY COURT ORDER RELEASING ALL LIENS INCLUDING THE SECURITY INTEREST RECORDED AT REEL/FRAME 041576/0001;ASSIGNOR:CITIBANK, N.A.;REEL/FRAME:044893/0531

Effective date: 20171128

Owner name: AVAYA INC., CALIFORNIA

Free format text: BANKRUPTCY COURT ORDER RELEASING ALL LIENS INCLUDING THE SECURITY INTEREST RECORDED AT REEL/FRAME 041576/0001;ASSIGNOR:CITIBANK, N.A.;REEL/FRAME:044893/0531

Effective date: 20171128

Owner name: OCTEL COMMUNICATIONS LLC (FORMERLY KNOWN AS OCTEL

Free format text: BANKRUPTCY COURT ORDER RELEASING ALL LIENS INCLUDING THE SECURITY INTEREST RECORDED AT REEL/FRAME 041576/0001;ASSIGNOR:CITIBANK, N.A.;REEL/FRAME:044893/0531

Effective date: 20171128

AS Assignment

Owner name: GOLDMAN SACHS BANK USA, AS COLLATERAL AGENT, NEW YORK

Free format text: SECURITY INTEREST;ASSIGNORS:AVAYA INC.;AVAYA INTEGRATED CABINET SOLUTIONS LLC;OCTEL COMMUNICATIONS LLC;AND OTHERS;REEL/FRAME:045034/0001

Effective date: 20171215

Owner name: GOLDMAN SACHS BANK USA, AS COLLATERAL AGENT, NEW Y

Free format text: SECURITY INTEREST;ASSIGNORS:AVAYA INC.;AVAYA INTEGRATED CABINET SOLUTIONS LLC;OCTEL COMMUNICATIONS LLC;AND OTHERS;REEL/FRAME:045034/0001

Effective date: 20171215

AS Assignment

Owner name: CITIBANK, N.A., AS COLLATERAL AGENT, NEW YORK

Free format text: SECURITY INTEREST;ASSIGNORS:AVAYA INC.;AVAYA INTEGRATED CABINET SOLUTIONS LLC;OCTEL COMMUNICATIONS LLC;AND OTHERS;REEL/FRAME:045124/0026

Effective date: 20171215

MAFP Maintenance fee payment

Free format text: PAYMENT OF MAINTENANCE FEE, 4TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1551); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

Year of fee payment: 4

AS Assignment

Owner name: WILMINGTON TRUST, NATIONAL ASSOCIATION, MINNESOTA

Free format text: SECURITY INTEREST;ASSIGNORS:AVAYA INC.;AVAYA MANAGEMENT L.P.;INTELLISIST, INC.;AND OTHERS;REEL/FRAME:053955/0436

Effective date: 20200925

AS Assignment

Owner name: WILMINGTON TRUST, NATIONAL ASSOCIATION, AS COLLATERAL AGENT, DELAWARE

Free format text: INTELLECTUAL PROPERTY SECURITY AGREEMENT;ASSIGNORS:AVAYA INC.;INTELLISIST, INC.;AVAYA MANAGEMENT L.P.;AND OTHERS;REEL/FRAME:061087/0386

Effective date: 20220712

AS Assignment

Owner name: AVAYA INTEGRATED CABINET SOLUTIONS LLC, NEW JERSEY

Free format text: RELEASE OF SECURITY INTEREST IN PATENTS AT REEL 45124/FRAME 0026;ASSIGNOR:CITIBANK, N.A., AS COLLATERAL AGENT;REEL/FRAME:063457/0001

Effective date: 20230403

Owner name: AVAYA MANAGEMENT L.P., NEW JERSEY

Free format text: RELEASE OF SECURITY INTEREST IN PATENTS AT REEL 45124/FRAME 0026;ASSIGNOR:CITIBANK, N.A., AS COLLATERAL AGENT;REEL/FRAME:063457/0001

Effective date: 20230403

Owner name: AVAYA INC., NEW JERSEY

Free format text: RELEASE OF SECURITY INTEREST IN PATENTS AT REEL 45124/FRAME 0026;ASSIGNOR:CITIBANK, N.A., AS COLLATERAL AGENT;REEL/FRAME:063457/0001

Effective date: 20230403

Owner name: AVAYA HOLDINGS CORP., NEW JERSEY

Free format text: RELEASE OF SECURITY INTEREST IN PATENTS AT REEL 45124/FRAME 0026;ASSIGNOR:CITIBANK, N.A., AS COLLATERAL AGENT;REEL/FRAME:063457/0001

Effective date: 20230403

AS Assignment

Owner name: WILMINGTON SAVINGS FUND SOCIETY, FSB (COLLATERAL AGENT), DELAWARE

Free format text: INTELLECTUAL PROPERTY SECURITY AGREEMENT;ASSIGNORS:AVAYA MANAGEMENT L.P.;AVAYA INC.;INTELLISIST, INC.;AND OTHERS;REEL/FRAME:063742/0001

Effective date: 20230501

AS Assignment

Owner name: CITIBANK, N.A., AS COLLATERAL AGENT, NEW YORK

Free format text: INTELLECTUAL PROPERTY SECURITY AGREEMENT;ASSIGNORS:AVAYA INC.;AVAYA MANAGEMENT L.P.;INTELLISIST, INC.;REEL/FRAME:063542/0662

Effective date: 20230501

AS Assignment

Owner name: AVAYA MANAGEMENT L.P., NEW JERSEY

Free format text: RELEASE OF SECURITY INTEREST IN PATENTS (REEL/FRAME 045034/0001);ASSIGNOR:GOLDMAN SACHS BANK USA., AS COLLATERAL AGENT;REEL/FRAME:063779/0622

Effective date: 20230501

Owner name: CAAS TECHNOLOGIES, LLC, NEW JERSEY

Free format text: RELEASE OF SECURITY INTEREST IN PATENTS (REEL/FRAME 045034/0001);ASSIGNOR:GOLDMAN SACHS BANK USA., AS COLLATERAL AGENT;REEL/FRAME:063779/0622

Effective date: 20230501

Owner name: HYPERQUALITY II, LLC, NEW JERSEY

Free format text: RELEASE OF SECURITY INTEREST IN PATENTS (REEL/FRAME 045034/0001);ASSIGNOR:GOLDMAN SACHS BANK USA., AS COLLATERAL AGENT;REEL/FRAME:063779/0622

Effective date: 20230501

Owner name: HYPERQUALITY, INC., NEW JERSEY

Free format text: RELEASE OF SECURITY INTEREST IN PATENTS (REEL/FRAME 045034/0001);ASSIGNOR:GOLDMAN SACHS BANK USA., AS COLLATERAL AGENT;REEL/FRAME:063779/0622

Effective date: 20230501

Owner name: ZANG, INC. (FORMER NAME OF AVAYA CLOUD INC.), NEW JERSEY

Free format text: RELEASE OF SECURITY INTEREST IN PATENTS (REEL/FRAME 045034/0001);ASSIGNOR:GOLDMAN SACHS BANK USA., AS COLLATERAL AGENT;REEL/FRAME:063779/0622

Effective date: 20230501

Owner name: VPNET TECHNOLOGIES, INC., NEW JERSEY

Free format text: RELEASE OF SECURITY INTEREST IN PATENTS (REEL/FRAME 045034/0001);ASSIGNOR:GOLDMAN SACHS BANK USA., AS COLLATERAL AGENT;REEL/FRAME:063779/0622

Effective date: 20230501

Owner name: OCTEL COMMUNICATIONS LLC, NEW JERSEY

Free format text: RELEASE OF SECURITY INTEREST IN PATENTS (REEL/FRAME 045034/0001);ASSIGNOR:GOLDMAN SACHS BANK USA., AS COLLATERAL AGENT;REEL/FRAME:063779/0622

Effective date: 20230501

Owner name: AVAYA INTEGRATED CABINET SOLUTIONS LLC, NEW JERSEY

Free format text: RELEASE OF SECURITY INTEREST IN PATENTS (REEL/FRAME 045034/0001);ASSIGNOR:GOLDMAN SACHS BANK USA., AS COLLATERAL AGENT;REEL/FRAME:063779/0622

Effective date: 20230501

Owner name: INTELLISIST, INC., NEW JERSEY

Free format text: RELEASE OF SECURITY INTEREST IN PATENTS (REEL/FRAME 045034/0001);ASSIGNOR:GOLDMAN SACHS BANK USA., AS COLLATERAL AGENT;REEL/FRAME:063779/0622

Effective date: 20230501

Owner name: AVAYA INC., NEW JERSEY

Free format text: RELEASE OF SECURITY INTEREST IN PATENTS (REEL/FRAME 045034/0001);ASSIGNOR:GOLDMAN SACHS BANK USA., AS COLLATERAL AGENT;REEL/FRAME:063779/0622

Effective date: 20230501

Owner name: AVAYA INTEGRATED CABINET SOLUTIONS LLC, NEW JERSEY

Free format text: RELEASE OF SECURITY INTEREST IN PATENTS (REEL/FRAME 53955/0436);ASSIGNOR:WILMINGTON TRUST, NATIONAL ASSOCIATION, AS NOTES COLLATERAL AGENT;REEL/FRAME:063705/0023

Effective date: 20230501

Owner name: INTELLISIST, INC., NEW JERSEY

Free format text: RELEASE OF SECURITY INTEREST IN PATENTS (REEL/FRAME 53955/0436);ASSIGNOR:WILMINGTON TRUST, NATIONAL ASSOCIATION, AS NOTES COLLATERAL AGENT;REEL/FRAME:063705/0023

Effective date: 20230501

Owner name: AVAYA INC., NEW JERSEY

Free format text: RELEASE OF SECURITY INTEREST IN PATENTS (REEL/FRAME 53955/0436);ASSIGNOR:WILMINGTON TRUST, NATIONAL ASSOCIATION, AS NOTES COLLATERAL AGENT;REEL/FRAME:063705/0023

Effective date: 20230501

Owner name: AVAYA MANAGEMENT L.P., NEW JERSEY

Free format text: RELEASE OF SECURITY INTEREST IN PATENTS (REEL/FRAME 53955/0436);ASSIGNOR:WILMINGTON TRUST, NATIONAL ASSOCIATION, AS NOTES COLLATERAL AGENT;REEL/FRAME:063705/0023

Effective date: 20230501

Owner name: AVAYA INTEGRATED CABINET SOLUTIONS LLC, NEW JERSEY

Free format text: RELEASE OF SECURITY INTEREST IN PATENTS (REEL/FRAME 61087/0386);ASSIGNOR:WILMINGTON TRUST, NATIONAL ASSOCIATION, AS NOTES COLLATERAL AGENT;REEL/FRAME:063690/0359

Effective date: 20230501

Owner name: INTELLISIST, INC., NEW JERSEY

Free format text: RELEASE OF SECURITY INTEREST IN PATENTS (REEL/FRAME 61087/0386);ASSIGNOR:WILMINGTON TRUST, NATIONAL ASSOCIATION, AS NOTES COLLATERAL AGENT;REEL/FRAME:063690/0359

Effective date: 20230501

Owner name: AVAYA INC., NEW JERSEY

Free format text: RELEASE OF SECURITY INTEREST IN PATENTS (REEL/FRAME 61087/0386);ASSIGNOR:WILMINGTON TRUST, NATIONAL ASSOCIATION, AS NOTES COLLATERAL AGENT;REEL/FRAME:063690/0359

Effective date: 20230501

Owner name: AVAYA MANAGEMENT L.P., NEW JERSEY

Free format text: RELEASE OF SECURITY INTEREST IN PATENTS (REEL/FRAME 61087/0386);ASSIGNOR:WILMINGTON TRUST, NATIONAL ASSOCIATION, AS NOTES COLLATERAL AGENT;REEL/FRAME:063690/0359

Effective date: 20230501

FEPP Fee payment procedure

Free format text: MAINTENANCE FEE REMINDER MAILED (ORIGINAL EVENT CODE: REM.); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

AS Assignment

Owner name: AVAYA LLC, DELAWARE

Free format text: (SECURITY INTEREST) GRANTOR'S NAME CHANGE;ASSIGNOR:AVAYA INC.;REEL/FRAME:065019/0231

Effective date: 20230501

LAPS Lapse for failure to pay maintenance fees

Free format text: PATENT EXPIRED FOR FAILURE TO PAY MAINTENANCE FEES (ORIGINAL EVENT CODE: EXP.); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

STCH Information on status: patent discontinuation

Free format text: PATENT EXPIRED DUE TO NONPAYMENT OF MAINTENANCE FEES UNDER 37 CFR 1.362

FP Lapsed due to failure to pay maintenance fee

Effective date: 20231124

AS Assignment

Owner name: AVAYA MANAGEMENT L.P., NEW JERSEY

Free format text: INTELLECTUAL PROPERTY RELEASE AND REASSIGNMENT;ASSIGNOR:WILMINGTON SAVINGS FUND SOCIETY, FSB;REEL/FRAME:066894/0227

Effective date: 20240325

Owner name: AVAYA LLC, DELAWARE

Free format text: INTELLECTUAL PROPERTY RELEASE AND REASSIGNMENT;ASSIGNOR:WILMINGTON SAVINGS FUND SOCIETY, FSB;REEL/FRAME:066894/0227

Effective date: 20240325

Owner name: AVAYA MANAGEMENT L.P., NEW JERSEY

Free format text: INTELLECTUAL PROPERTY RELEASE AND REASSIGNMENT;ASSIGNOR:CITIBANK, N.A.;REEL/FRAME:066894/0117

Effective date: 20240325

Owner name: AVAYA LLC, DELAWARE

Free format text: INTELLECTUAL PROPERTY RELEASE AND REASSIGNMENT;ASSIGNOR:CITIBANK, N.A.;REEL/FRAME:066894/0117

Effective date: 20240325

AS Assignment

Owner name: ARLINGTON TECHNOLOGIES, LLC, TEXAS

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:AVAYA LLC;REEL/FRAME:067022/0780

Effective date: 20240329